General
-
Target
f05c8e324bcab286e91ec019460aaa51feb6588684bd832ad55d38a21e4335daN.exe
-
Size
90KB
-
Sample
241207-mmgw4strgn
-
MD5
98d5d91ad567852f5c601b07c6b3a390
-
SHA1
b85689fc33a83d9f277e28ccee6c454d2c86b3be
-
SHA256
f05c8e324bcab286e91ec019460aaa51feb6588684bd832ad55d38a21e4335da
-
SHA512
eff5b2e7307d1365bbcee75db6ddd76a4fb342610bc99d96af953f588313f7343c198c53e8cdcafedfd1d85d7c0a57f94d2a0528f43a23fe5ae816deb0032e49
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDP:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE31
Malware Config
Targets
-
-
Target
f05c8e324bcab286e91ec019460aaa51feb6588684bd832ad55d38a21e4335daN.exe
-
Size
90KB
-
MD5
98d5d91ad567852f5c601b07c6b3a390
-
SHA1
b85689fc33a83d9f277e28ccee6c454d2c86b3be
-
SHA256
f05c8e324bcab286e91ec019460aaa51feb6588684bd832ad55d38a21e4335da
-
SHA512
eff5b2e7307d1365bbcee75db6ddd76a4fb342610bc99d96af953f588313f7343c198c53e8cdcafedfd1d85d7c0a57f94d2a0528f43a23fe5ae816deb0032e49
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDP:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE31
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-