General
Target: 869a9994670bfe1eea5ea1bb781224000ef3e79b58f3b6d0ad05f58f191529fc.exe
Size: 90KB
Sample: 241217-j7dteawkhp
MD5: 104ca3af8e20298f3c14c8d59ad82c30
SHA1: cbf3318e331d3a899924474dab3a0cadd19dea52
SHA256: 869a9994670bfe1eea5ea1bb781224000ef3e79b58f3b6d0ad05f58f191529fc
SHA512: ef87910cd1f66579b51db22adf93d77e01424552186d8db2c05f90103194f6b253b240ca3d04acff055aace061a76bf4a9e0eae895cd26efd5d158f7830a4852
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDI:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3+
Behavioral task: behavioral1
Sample: 869a9994670bfe1eea5ea1bb781224000ef3e79b58f3b6d0ad05f58f191529fc.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 869a9994670bfe1eea5ea1bb781224000ef3e79b58f3b6d0ad05f58f191529fc.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 869a9994670bfe1eea5ea1bb781224000ef3e79b58f3b6d0ad05f58f191529fc.exe
Size: 90KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext