General
Target: 3015af9df66408873d8a4910c7e6f692c5bc45f0a73b4471f0e8845781c4d5ca
Size: 90KB
Sample: 241211-zgzk7axpgs
MD5: c26d825a39e1cc9bba16925da8c8ad58
SHA1: 000f76afaaa88cde13ee98dec718844b4895d77a
SHA256: 3015af9df66408873d8a4910c7e6f692c5bc45f0a73b4471f0e8845781c4d5ca
SHA512: 5421e2345de978f23ee7f856c01f34da38a1b5f8eac8a74c76fc76d6485f9fd6839a47c556f1516910c79eab7475ab013a9dab4e4f0c3d643c6ba82688036a57
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD/:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3p
Behavioral task: behavioral1
Sample: 3015af9df66408873d8a4910c7e6f692c5bc45f0a73b4471f0e8845781c4d5ca.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 3015af9df66408873d8a4910c7e6f692c5bc45f0a73b4471f0e8845781c4d5ca.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 3015af9df66408873d8a4910c7e6f692c5bc45f0a73b4471f0e8845781c4d5ca (the same 90KB sample described under General; its MD5, SHA1, SHA256, SHA512 and SSDEEP values are listed there)
Score: 10/10

Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext