General

Target: cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fdN.exe
Size: 90KB
Sample: 241220-fpgwka1mgn
MD5: 317495d9ee713aa4b8a7c7e869176f20
SHA1: 42f46c0d33fc718254b82197ff29b6aaea61b000
SHA256: cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fd
SHA512: 42fc6dbfc3413edac3926ea6b2b8077f996c242adde49de08a2ec9e4a8be0933ae9334c449eee08fb1be975fec9f8d5540bf753da63ee525458d0fe943b075ed
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDU:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3y
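Before acting on a sandbox verdict it is worth confirming that the file in hand is the same sample the report describes. The script below is an added example and not part of the report; the MD5, SHA1, SHA256 and SHA512 values are copied from the General section above, while the function names and the constructed stand-in bytes used in testing are illustrative. It hashes a file in one streaming pass, compares each digest case-insensitively, and distinguishes a clean match or mismatch from a partial agreement, which for an untouched file only happens when one of the published values was mistyped. It also checks the report's naming convention, in which the target filename begins with the sample's SHA256.

```python
"""Verify a local file against the digests published in this report (added example)."""
import hashlib
import re
from pathlib import Path

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "317495d9ee713aa4b8a7c7e869176f20",
    "sha1": "42f46c0d33fc718254b82197ff29b6aaea61b000",
    "sha256": "cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fd",
    "sha512": (
        "42fc6dbfc3413edac3926ea6b2b8077f996c242adde49de08a2ec9e4a8be0933"
        "ae9334c449eee08fb1be975fec9f8d5540bf753da63ee525458d0fe943b075ed"
    ),
}

# Leading 64 hex characters of a filename, as in "<sha256>N.exe".
HEX64 = re.compile(r"^[0-9a-fA-F]{64}")


def _new_hashers():
    return {name: hashlib.new(name) for name in REPORT_HASHES}


def digest_bytes(data: bytes) -> dict:
    """All four digests of an in-memory blob, computed in a single pass."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same digests as digest_bytes, streamed so large files need not fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Per-algorithm match flags for the algorithms present in both dicts.
    Case and surrounding whitespace are ignored, since that is where
    copy-pasted hashes usually go wrong."""
    return {
        name: actual[name].lower() == expected[name].strip().lower()
        for name in actual
        if name in expected
    }


def verdict(flags: dict) -> str:
    """'match' when every algorithm agrees, 'mismatch' when none does, and
    'inconsistent' when they disagree. An unmodified file can never produce a
    partial match, so 'inconsistent' points at a typo in one published value."""
    values = list(flags.values())
    if not values:
        return "no-data"
    if all(values):
        return "match"
    if not any(values):
        return "mismatch"
    return "inconsistent"


def name_matches_sha256(filename: str, sha256: str) -> bool:
    """True when the file's name starts with the given SHA256, the naming the
    report uses for its target ('<sha256>N.exe')."""
    m = HEX64.match(Path(filename).name)
    return bool(m) and m.group(0).lower() == sha256.lower()


def check_sample(path) -> str:
    """Hash a file on disk and return the verdict against the report's values."""
    return verdict(compare(digest_file(path), REPORT_HASHES))


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        name_ok = name_matches_sha256(p, REPORT_HASHES["sha256"])
        print(p, check_sample(p), "name-ok" if name_ok else "name-differs")
```

Run it as `python verify_sample.py path/to/file` (the script name is an assumption). Only "match" means the file is the one the sandbox analysed; "name-differs" on its own is harmless, since a renamed copy still hashes identically, but "inconsistent" should be resolved before the report is relied on.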
Behavioral task: behavioral1
Sample: cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fdN.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fdN.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fdN.exe
Size: 90KB
MD5: 317495d9ee713aa4b8a7c7e869176f20
SHA1: 42f46c0d33fc718254b82197ff29b6aaea61b000
SHA256: cbe728c18f7fcf80f59da78e4d3dd84bb5daef36f976ec3e9aea288ce2ccc0fd
SHA512: 42fc6dbfc3413edac3926ea6b2b8077f996c242adde49de08a2ec9e4a8be0933ae9334c449eee08fb1be975fec9f8d5540bf753da63ee525458d0fe943b075ed
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDU:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3y
Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext