General

Target: f0f630218c9ba5c837cb2d806e9bbaff909e0f66b48beadba894178bef660570N.exe
Size: 90KB
Sample: 241222-klfasa1nct
MD5: dd5343f3ce84b6961d9e8159ff00b560
SHA1: bad070c2e4518cdead6bd840a5c2164cadf44b90
SHA256: f0f630218c9ba5c837cb2d806e9bbaff909e0f66b48beadba894178bef660570
SHA512: 0d9f850d26a570ff83b6d3a43eaa7b868a0e9d718f48481c6759b1d3e09722ebe467fc1fabbc1c5ec6557649faf922b9af46bd5e3ee3bad00bf8d37523ec26be
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD6:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3M
Behavioral tasks

behavioral1
Sample: f0f630218c9ba5c837cb2d806e9bbaff909e0f66b48beadba894178bef660570N.exe
Resource: win7-20241023-en

behavioral2
Sample: f0f630218c9ba5c837cb2d806e9bbaff909e0f66b48beadba894178bef660570N.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: f0f630218c9ba5c837cb2d806e9bbaff909e0f66b48beadba894178bef660570N.exe
Size: 90KB
Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
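The behavioural signatures above are names, not rules. As an added example (not code from the sandbox vendor, and not derived from this sample's actual trace), the script below maps each listed signature to a small detection rule and runs the rules over a constructed, Sysmon-style event trace embedded inline. Assumptions, labelled in the code: the event schema; that "Checks computer location settings" keys on reads under `Control Panel\International\Geo`; that "Adds Run key" keys on writes under `...\CurrentVersion\Run` (which also covers `RunOnce`); that "dropped" means a path the trace itself wrote earlier; and that the cross-process `CreateProcess(CREATE_SUSPENDED)` / `WriteProcessMemory` / `SetThreadContext` / `ResumeThread` sequence is what escalates a `SetThreadContext` hit to a process-hollowing finding. The paths, pids and registry value names in the trace are placeholders.

```python
from __future__ import annotations
from collections import defaultdict

# Constructed trace in a simplified Sysmon/API-monitor shape. It is NOT the trace
# of the run reported on this page; every path, pid and value name is a placeholder.
# Fields: pid, op, arg (path or registry key), tpid (target pid of a cross-process
# operation), suspended (CreateProcess called with CREATE_SUSPENDED).
SAMPLE_TRACE = [
    {"pid": 1000, "op": "RegQueryValue", "arg": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1000, "op": "FileWrite", "arg": r"C:\Users\Public\dropped.exe"},
    {"pid": 1000, "op": "FileWrite", "arg": r"C:\Users\Public\dropped.dll"},
    {"pid": 1000, "op": "RegSetValue",
     "arg": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 1000, "op": "CreateProcess", "arg": r"C:\Users\Public\dropped.exe", "tpid": 1001},
    {"pid": 1001, "op": "LoadLibrary", "arg": r"C:\Users\Public\dropped.dll"},
    {"pid": 1001, "op": "CreateProcess", "arg": r"C:\Windows\System32\notepad.exe",
     "tpid": 1002, "suspended": True},
    {"pid": 1001, "op": "WriteProcessMemory", "tpid": 1002},
    {"pid": 1001, "op": "SetThreadContext", "tpid": 1002},
    {"pid": 1001, "op": "ResumeThread", "tpid": 1002},
]

# Assumption: the geofence check reads the Geo values under Control Panel\International.
GEO_KEY = r"\control panel\international\geo"
# Standard autostart location; the substring also matches RunOnce.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
# Assumption: the classic hollowing order, matched as a subsequence per target pid.
HOLLOW_SEQ = ["CreateProcess(suspended)", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def _is_subsequence(needle, haystack):
    """True if every item of needle appears in haystack in order (gaps allowed)."""
    it = iter(haystack)
    return all(any(x == y for y in it) for x in needle)


def detect(trace):
    """Return {signature name: [evidence, ...]} for the signatures the trace fires."""
    hits = defaultdict(list)
    dropped = set()              # lower-cased paths written by any process in the trace
    hollow = defaultdict(list)   # target pid -> ordered cross-process steps seen
    for ev in trace:
        pid, op, arg = ev["pid"], ev["op"], ev.get("arg", "")
        low, tpid = arg.lower(), ev.get("tpid")
        if op == "RegQueryValue" and GEO_KEY in low:
            hits["Checks computer location settings"].append(arg)
        elif op == "RegSetValue" and RUN_KEY in low:
            hits["Adds Run key to start application"].append(arg)
        elif op == "FileWrite":
            dropped.add(low)
        elif op == "CreateProcess":
            if low in dropped:
                hits["Executes dropped EXE"].append(arg)
            if ev.get("suspended"):
                hollow[tpid].append(HOLLOW_SEQ[0])
        elif op == "LoadLibrary" and low in dropped:
            hits["Loads dropped DLL"].append(arg)
        elif op in ("WriteProcessMemory", "SetThreadContext", "ResumeThread") and tpid != pid:
            hollow[tpid].append(op)
            if op == "SetThreadContext":
                # Any cross-process SetThreadContext is suspicious on its own.
                hits["Suspicious use of SetThreadContext"].append(f"pid {pid} -> pid {tpid}")
    # Escalate when the cross-process SetThreadContext sits inside the full
    # suspended-create / write / set-context / resume sequence.
    for tpid, steps in hollow.items():
        if _is_subsequence(HOLLOW_SEQ, steps):
            hits["Suspicious use of SetThreadContext"].append(
                f"pid {tpid}: process hollowing sequence " + " -> ".join(HOLLOW_SEQ))
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "dropped" rules deliberately depend on a `FileWrite` seen earlier in the same trace: a process start or DLL load of a path nothing in the trace wrote does not fire them, which is what keeps "Executes dropped EXE" from matching every child process. Swap the constructed list for real Sysmon event IDs 1, 7, 11 and 13 (plus an API-monitor feed for the cross-process calls) to use it on a live host.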