General
Target: 1830a2a89c11ebab6aae43cd9f05b693534e806b3fef3d2a75d68e848ca16b96N.exe
Size: 90KB
Sample: 241216-s46jpavmdq
MD5: b566fd1b004f24cc3a9988657023c160
SHA1: f188304c89c62d4ec5145dae837bf069abd6c726
SHA256: 1830a2a89c11ebab6aae43cd9f05b693534e806b3fef3d2a75d68e848ca16b96
SHA512: 1b75cdcf934e9251552d4a18d428d7662895ee7f7d589797c618d74649f761b715a5d99cd6d5b65d188e6f0e72001612f3c2a26989847ef68113241fc139d309
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
Sample: 1830a2a89c11ebab6aae43cd9f05b693534e806b3fef3d2a75d68e848ca16b96N.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 1830a2a89c11ebab6aae43cd9f05b693534e806b3fef3d2a75d68e848ca16b96N.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 1830a2a89c11ebab6aae43cd9f05b693534e806b3fef3d2a75d68e848ca16b96N.exe (same file as listed under General; hashes identical)
Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext