General
Target: 187d5ee6f8ef5db1e34f4e5297b84b1ba7ba408e10bf677822f51cd8368bdaacN.exe
Size: 90KB
Sample: 241216-htde2szjdt
MD5: fa869ae167ba8fcce07caf5c63205f40
SHA1: 33c4f0d20fa5db11c85255cd08e7867122ae4637
SHA256: 187d5ee6f8ef5db1e34f4e5297b84b1ba7ba408e10bf677822f51cd8368bdaac
SHA512: c31248ea9d75eb2005f296e1411c4aec9660d3c0078631312939adc6c4d0382d6bffc7dc6daa030f054a47a477b7fe80fb502fab5e0947c691207d347a416288
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDG:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3o
Behavioral task: behavioral1
Sample: 187d5ee6f8ef5db1e34f4e5297b84b1ba7ba408e10bf677822f51cd8368bdaacN.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 187d5ee6f8ef5db1e34f4e5297b84b1ba7ba408e10bf677822f51cd8368bdaacN.exe
Resource: win10v2004-20241007-en
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext