General
-
Target
daf60bc3bb4e0fd68a61722b1dd91313b7846b8ad3ca816f7147fd64cdf4c0be.exe
-
Size
112KB
-
Sample
241217-11xrdazldw
-
MD5
a99577d0a0c2a757d2f1d7eb077b94fd
-
SHA1
70367686dfb7898b35afaf788d3138e15883f763
-
SHA256
daf60bc3bb4e0fd68a61722b1dd91313b7846b8ad3ca816f7147fd64cdf4c0be
-
SHA512
b114acbbb3b4239fed06d7482382e5a26b8f788e9de88859b0c8ef3d611f4263c7fa78ff60c5f00219b62a2fc7cb26d4829e4685d5775b83ec2eb30eaf2b0794
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJak:tVIr7zI+fAceoGxSKKo5ak
Malware Config
Targets
-
-
Target
daf60bc3bb4e0fd68a61722b1dd91313b7846b8ad3ca816f7147fd64cdf4c0be.exe
-
Size
112KB
-
MD5
a99577d0a0c2a757d2f1d7eb077b94fd
-
SHA1
70367686dfb7898b35afaf788d3138e15883f763
-
SHA256
daf60bc3bb4e0fd68a61722b1dd91313b7846b8ad3ca816f7147fd64cdf4c0be
-
SHA512
b114acbbb3b4239fed06d7482382e5a26b8f788e9de88859b0c8ef3d611f4263c7fa78ff60c5f00219b62a2fc7cb26d4829e4685d5775b83ec2eb30eaf2b0794
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJak:tVIr7zI+fAceoGxSKKo5ak
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-