General
-
Target
98671db0d60b5c1cf75918f401e6dde02b4a70d2beca5d748f14598e0bd99c64N.exe
-
Size
90KB
-
Sample
241218-n2gqbsypdm
-
MD5
4a93d828f1ab0dc290dca7e2fb5795d0
-
SHA1
8d1bd90aac419fe4d221bb56987d7a2cab5f65a1
-
SHA256
98671db0d60b5c1cf75918f401e6dde02b4a70d2beca5d748f14598e0bd99c64
-
SHA512
6808f009e884a9a8a0c783d851ab206df5bc12f31db711e65341b8d17511bedaaf63cadc94f4d113b0e61c55021963319fcca33c72053613d65e2a1295d47887
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDT:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3d
Malware Config
Targets
-
-
Target
98671db0d60b5c1cf75918f401e6dde02b4a70d2beca5d748f14598e0bd99c64N.exe
-
Size
90KB
-
MD5
4a93d828f1ab0dc290dca7e2fb5795d0
-
SHA1
8d1bd90aac419fe4d221bb56987d7a2cab5f65a1
-
SHA256
98671db0d60b5c1cf75918f401e6dde02b4a70d2beca5d748f14598e0bd99c64
-
SHA512
6808f009e884a9a8a0c783d851ab206df5bc12f31db711e65341b8d17511bedaaf63cadc94f4d113b0e61c55021963319fcca33c72053613d65e2a1295d47887
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDT:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3d
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-