General
-
Target
a9c9bc3aa046023d24aee0c49042a5de667dc89e51a4263a1590fb2a6f889d5d.exe
-
Size
116KB
-
Sample
241219-bk8q9s1mdr
-
MD5
7288e3833d6dc6c0f0e685984c3cd68e
-
SHA1
b3ca51e56bfa03e327944c7df7045c0800c2928b
-
SHA256
a9c9bc3aa046023d24aee0c49042a5de667dc89e51a4263a1590fb2a6f889d5d
-
SHA512
0eac1410b85a07666be3aa836cc81271e06952128cd5b9d34b93e168f1b5047470cf7056abc4b66cc339f7ee7a4da6259c5e15683837477226398ef363b2660d
-
SSDEEP
1536:JOH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5PxVG:JCKQJcinxphkG5Q6GdpIOkJHhKRfG
Malware Config
Targets
-
-
Target
a9c9bc3aa046023d24aee0c49042a5de667dc89e51a4263a1590fb2a6f889d5d.exe
-
Size
116KB
-
MD5
7288e3833d6dc6c0f0e685984c3cd68e
-
SHA1
b3ca51e56bfa03e327944c7df7045c0800c2928b
-
SHA256
a9c9bc3aa046023d24aee0c49042a5de667dc89e51a4263a1590fb2a6f889d5d
-
SHA512
0eac1410b85a07666be3aa836cc81271e06952128cd5b9d34b93e168f1b5047470cf7056abc4b66cc339f7ee7a4da6259c5e15683837477226398ef363b2660d
-
SSDEEP
1536:JOH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5PxVG:JCKQJcinxphkG5Q6GdpIOkJHhKRfG
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-