General
-
Target
4cd2c79d5c10601ec338e14c0c28ae3334381d1b88fdc259939d70c96c2ff507N.exe
-
Size
90KB
-
Sample
241217-gdh5xstjcj
-
MD5
5c353a35e2201783b767ede34ffd1300
-
SHA1
c682d8d9b812d34ee653fcfdac261a161cc31957
-
SHA256
4cd2c79d5c10601ec338e14c0c28ae3334381d1b88fdc259939d70c96c2ff507
-
SHA512
c5c3179d08ea705599f602e3f71f072118d65f63d82bd3775a0be515e6fe88b212aa7047d83aaeaac9b5718fc2f8b1617e1a6b0ae592a6c21434259d6805594d
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDk:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3K
Malware Config
Targets
-
-
Target
4cd2c79d5c10601ec338e14c0c28ae3334381d1b88fdc259939d70c96c2ff507N.exe
-
Size
90KB
-
MD5
5c353a35e2201783b767ede34ffd1300
-
SHA1
c682d8d9b812d34ee653fcfdac261a161cc31957
-
SHA256
4cd2c79d5c10601ec338e14c0c28ae3334381d1b88fdc259939d70c96c2ff507
-
SHA512
c5c3179d08ea705599f602e3f71f072118d65f63d82bd3775a0be515e6fe88b212aa7047d83aaeaac9b5718fc2f8b1617e1a6b0ae592a6c21434259d6805594d
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDk:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3K
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-