General
  Target: 8e34d1d1dbb936909370a48c509f3f30006654fb9433c8656205489d26ea4007N.exe
  Size: 300KB
  Sample: 241216-wpvqesxpbn
  MD5: d179110c09bc742105dbf2c9666f8da0
  SHA1: fea4d7603197ea464f22f9f67e91dd0914735e1e
  SHA256: 8e34d1d1dbb936909370a48c509f3f30006654fb9433c8656205489d26ea4007
  SHA512: af9b066dd979dac61f1aa02080860dcb417b7a8dc716eabe9e0b707d93a7c2f6452d12f6e84a5c875ea61d01eaa9fc165f71ab08f6053d540924ae86c386b6d8
  SSDEEP: 3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38GK:UsxD5cwohO+O1sVG0/pZ6iPC88

Static task
  static1

Behavioral task
  behavioral1
    Sample: 8e34d1d1dbb936909370a48c509f3f30006654fb9433c8656205489d26ea4007N.exe
    Resource: win7-20241023-en

Behavioral task
  behavioral2
    Sample: 8e34d1d1dbb936909370a48c509f3f30006654fb9433c8656205489d26ea4007N.exe
    Resource: win10v2004-20241007-en
Malware Config
Targets
  Target: 8e34d1d1dbb936909370a48c509f3f30006654fb9433c8656205489d26ea4007N.exe (size and hashes identical to the General section above)
  Score: 10/10

  ModiLoader, DBatLoader
    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  - Modiloader family
  - ModiLoader Second Stage
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of SetThreadContext