General
- Target: 27733d66f3b13fa92894131a54aae60376205a0c0d4e0378677a510c495c14d4.exe
- Size: 300KB
- Sample: 241206-3ykp5svkgy
- MD5: 1706bf3181f5d5d439cafdc95b41b719
- SHA1: e52b26611e3944de0580b27aad43adddebec7dc6
- SHA256: 27733d66f3b13fa92894131a54aae60376205a0c0d4e0378677a510c495c14d4
- SHA512: 093def6fc62c301e287192bd71c4e60ee8788077dbd8c5e26a8c6b47a2c3eb1ceee307fb96897982d2a04214b00101ccb125d0440e4f148e4d5d29729be73ea2
- SSDEEP: 3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38G+:UsxD5cwohO+O1sVG0/pZ6iPC8o
Static task: static1
Behavioral task: behavioral1
  Sample: 27733d66f3b13fa92894131a54aae60376205a0c0d4e0378677a510c495c14d4.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 27733d66f3b13fa92894131a54aae60376205a0c0d4e0378677a510c495c14d4.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 27733d66f3b13fa92894131a54aae60376205a0c0d4e0378677a510c495c14d4.exe
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext