General
-
Target
afb45674a8a2158459211e9980686f8329dd3b6b5965e1aceac1fcc07157fcedN.exe
-
Size
326KB
-
Sample
241211-r4s3xswrhx
-
MD5
5cbc5ef6761c90a134f45afa65b218c0
-
SHA1
32fae4542e99ea33e588a093c0b3df7447fcccbf
-
SHA256
afb45674a8a2158459211e9980686f8329dd3b6b5965e1aceac1fcc07157fced
-
SHA512
a08ba89b5c24b5bbc2ed8a7c63756362a9034b00ac75c0ef137b507d9eea1f65459b7ba959d09c61d7f636457f151c0d89769c8fb896ab8d1b0c3237def85b53
-
SSDEEP
3072:ce2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV/:csxD5cwohO+O1sVG0/pZ6iPC8a
Malware Config
Targets
-
-
Target
afb45674a8a2158459211e9980686f8329dd3b6b5965e1aceac1fcc07157fcedN.exe
-
Size
326KB
-
MD5
5cbc5ef6761c90a134f45afa65b218c0
-
SHA1
32fae4542e99ea33e588a093c0b3df7447fcccbf
-
SHA256
afb45674a8a2158459211e9980686f8329dd3b6b5965e1aceac1fcc07157fced
-
SHA512
a08ba89b5c24b5bbc2ed8a7c63756362a9034b00ac75c0ef137b507d9eea1f65459b7ba959d09c61d7f636457f151c0d89769c8fb896ab8d1b0c3237def85b53
-
SSDEEP
3072:ce2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV/:csxD5cwohO+O1sVG0/pZ6iPC8a
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-