General
-
Target
0dd219091e1de8f3b7e8d92cd1bb932266bdcb06574ec7db3e1a205d8c8b6305
-
Size
90KB
-
Sample
241216-yb1qmazkbk
-
MD5
40f11a1755f8b4d724bcf12d525a07ab
-
SHA1
0e121bbef04214256598fdbe88a10f72755c126b
-
SHA256
0dd219091e1de8f3b7e8d92cd1bb932266bdcb06574ec7db3e1a205d8c8b6305
-
SHA512
1941b28c35c930fb03a17b03377d1fbec01337e572d57fcf8b852f1095199a9d78d01e9a57415df4dfda8fbb0c8656210317d2912f500598e6c7fab6d172ecc7
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDY:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3K
Malware Config
Targets
-
-
Target
0dd219091e1de8f3b7e8d92cd1bb932266bdcb06574ec7db3e1a205d8c8b6305
-
Size
90KB
-
MD5
40f11a1755f8b4d724bcf12d525a07ab
-
SHA1
0e121bbef04214256598fdbe88a10f72755c126b
-
SHA256
0dd219091e1de8f3b7e8d92cd1bb932266bdcb06574ec7db3e1a205d8c8b6305
-
SHA512
1941b28c35c930fb03a17b03377d1fbec01337e572d57fcf8b852f1095199a9d78d01e9a57415df4dfda8fbb0c8656210317d2912f500598e6c7fab6d172ecc7
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDY:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3K
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-