General
-
Target
8accd4747d37840aa64cf2fa71630e46c476a41891b248a18730d96a156e0e1b.exe
-
Size
90KB
-
Sample
241219-b2y86askcp
-
MD5
20e7a4ddfcde01266f9628329db255c7
-
SHA1
479fcfe84a874104dbc408724b9fc04df879ac76
-
SHA256
8accd4747d37840aa64cf2fa71630e46c476a41891b248a18730d96a156e0e1b
-
SHA512
adc1dafe207293d6bdafe44a49b9706cdf6e181d3884b41a0403168c47073e39e78a6d5396627866b9182b830b40de87f5aea39b25fd99c8d23c6f1c720fa770
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDo:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3O
Malware Config
Targets
-
-
Target
8accd4747d37840aa64cf2fa71630e46c476a41891b248a18730d96a156e0e1b.exe
-
Size
90KB
-
MD5
20e7a4ddfcde01266f9628329db255c7
-
SHA1
479fcfe84a874104dbc408724b9fc04df879ac76
-
SHA256
8accd4747d37840aa64cf2fa71630e46c476a41891b248a18730d96a156e0e1b
-
SHA512
adc1dafe207293d6bdafe44a49b9706cdf6e181d3884b41a0403168c47073e39e78a6d5396627866b9182b830b40de87f5aea39b25fd99c8d23c6f1c720fa770
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDo:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3O
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-