General
-
Target
692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4
-
Size
90KB
-
Sample
241218-x7m9qszmcn
-
MD5
476bd55ebcfa028218c707b62905a586
-
SHA1
f7f7239669b639b9e4c89ac3e94bbec76ca4014c
-
SHA256
692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4
-
SHA512
1877d5998575d3f23ef61d4204d260eef4d64bdf5e2e5ca3d165fba5f6cc8113428a426e134d67c51d0c2cc1bf059202856bd48557462e497f26e6ed36f568ef
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDJ:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3z
Behavioral task
behavioral1
Sample
692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4
-
Size
90KB
-
MD5
476bd55ebcfa028218c707b62905a586
-
SHA1
f7f7239669b639b9e4c89ac3e94bbec76ca4014c
-
SHA256
692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4
-
SHA512
1877d5998575d3f23ef61d4204d260eef4d64bdf5e2e5ca3d165fba5f6cc8113428a426e134d67c51d0c2cc1bf059202856bd48557462e497f26e6ed36f568ef
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDJ:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3z
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-