General
-
Target
796d286a8f4073ed67eff3a0ad3b94e0ecef4e354b7a0d26424581adda87b124N.exe
-
Size
90KB
-
Sample
241218-g6tr5axkdt
-
MD5
970adb5518541e1652bd1514bd1092f0
-
SHA1
658a7d0fc0df47516b752239792b552dbe26fa17
-
SHA256
796d286a8f4073ed67eff3a0ad3b94e0ecef4e354b7a0d26424581adda87b124
-
SHA512
e12b7697fd8bd59141d0f2cb107789fb778390c68e488006091a5603a37813e1fc6eeb3418ea3874d4e92c71a0d11586aadc81b293446fe4b827540019bf041c
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDS:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3c
Malware Config
Targets
-
-
Target
796d286a8f4073ed67eff3a0ad3b94e0ecef4e354b7a0d26424581adda87b124N.exe
-
Size
90KB
-
MD5
970adb5518541e1652bd1514bd1092f0
-
SHA1
658a7d0fc0df47516b752239792b552dbe26fa17
-
SHA256
796d286a8f4073ed67eff3a0ad3b94e0ecef4e354b7a0d26424581adda87b124
-
SHA512
e12b7697fd8bd59141d0f2cb107789fb778390c68e488006091a5603a37813e1fc6eeb3418ea3874d4e92c71a0d11586aadc81b293446fe4b827540019bf041c
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDS:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3c
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-