General
-
Target
aa95fde20adaa37c7641579e37edaca8e5a672e28aa6d735005b664c11bc21e5N.exe
-
Size
112KB
-
Sample
241222-m82teawmcr
-
MD5
ff54a22dc697b82df4f185deade078f0
-
SHA1
124703a4d1046c20ba7095f2c3151582f97160c4
-
SHA256
aa95fde20adaa37c7641579e37edaca8e5a672e28aa6d735005b664c11bc21e5
-
SHA512
cd17197939d3625d6764bb260f24e66d497448befb8173f32c8fff58186a97108d032ad57001c361a932aaf94b41e4ed8af8848f99695cab3d91435dbbffd0e7
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJr:tVIr7zI+fAceoGxSKKo5r
Malware Config
Targets
-
-
Target
aa95fde20adaa37c7641579e37edaca8e5a672e28aa6d735005b664c11bc21e5N.exe
-
Size
112KB
-
MD5
ff54a22dc697b82df4f185deade078f0
-
SHA1
124703a4d1046c20ba7095f2c3151582f97160c4
-
SHA256
aa95fde20adaa37c7641579e37edaca8e5a672e28aa6d735005b664c11bc21e5
-
SHA512
cd17197939d3625d6764bb260f24e66d497448befb8173f32c8fff58186a97108d032ad57001c361a932aaf94b41e4ed8af8848f99695cab3d91435dbbffd0e7
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJr:tVIr7zI+fAceoGxSKKo5r
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-