General
-
Target
17b13a041ab3c33b2df855720e1d1b13d483e9dcead59cd5095719031ec94651N.exe
-
Size
572KB
-
Sample
241226-eqbv9swpas
-
MD5
29577e31ffe7d4818d7a90541d821230
-
SHA1
3c0be81dca7b46c792fefbe0bd8dd496016facc8
-
SHA256
17b13a041ab3c33b2df855720e1d1b13d483e9dcead59cd5095719031ec94651
-
SHA512
9bd2d201b1d2d039423591a9df354127d147d30bf4f2e989a1c11dbf1e725d27a325703ed58d978a23bd7935680c21ac7d27468391a4f1cf8240a69e326ae42e
-
SSDEEP
12288:us2w8hvkR2OWhNlGIZ0igJTtCThXP68d+FRCZtR8WHxh7bBIr0:T2wC88OWhDDsJTtoNgDKrphWg
Malware Config
Targets
-
-
Target
17b13a041ab3c33b2df855720e1d1b13d483e9dcead59cd5095719031ec94651N.exe
-
Size
572KB
-
MD5
29577e31ffe7d4818d7a90541d821230
-
SHA1
3c0be81dca7b46c792fefbe0bd8dd496016facc8
-
SHA256
17b13a041ab3c33b2df855720e1d1b13d483e9dcead59cd5095719031ec94651
-
SHA512
9bd2d201b1d2d039423591a9df354127d147d30bf4f2e989a1c11dbf1e725d27a325703ed58d978a23bd7935680c21ac7d27468391a4f1cf8240a69e326ae42e
-
SSDEEP
12288:us2w8hvkR2OWhNlGIZ0igJTtCThXP68d+FRCZtR8WHxh7bBIr0:T2wC88OWhDDsJTtoNgDKrphWg
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-