General
-
Target
ab7c3007581704138fbc4961d95fbb779c6ee52a1f4408dc3bbc8b64b1abed79
-
Size
90KB
-
Sample
241220-f6esja1qgr
-
MD5
7426c44f03f4f348dccc35c7c92d377f
-
SHA1
baa65a58514e1d3339366c17253c16e361cc4bec
-
SHA256
ab7c3007581704138fbc4961d95fbb779c6ee52a1f4408dc3bbc8b64b1abed79
-
SHA512
01dd6c4976edc012b6461d2ae47dfc68be1a8cbbfad58181ba446bce4972bb9c7e18dcfcd3ab6f9f2938813b6e973590568b4e0afad262f03c2ef0a744fbdeae
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDi:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3o
Malware Config
Targets
-
-
Target
ab7c3007581704138fbc4961d95fbb779c6ee52a1f4408dc3bbc8b64b1abed79
-
Size
90KB
-
MD5
7426c44f03f4f348dccc35c7c92d377f
-
SHA1
baa65a58514e1d3339366c17253c16e361cc4bec
-
SHA256
ab7c3007581704138fbc4961d95fbb779c6ee52a1f4408dc3bbc8b64b1abed79
-
SHA512
01dd6c4976edc012b6461d2ae47dfc68be1a8cbbfad58181ba446bce4972bb9c7e18dcfcd3ab6f9f2938813b6e973590568b4e0afad262f03c2ef0a744fbdeae
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDi:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3o
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-