General
- Target: b5b0e5ec32315259c0002609a21bf3ee5f48ecf6c843508993f0a935a61ff285N.exe
- Size: 90KB
- Sample: 241226-s4s9csyrck
- MD5: 8c36aff793b2bf370ff042ee9b3967f0
- SHA1: e5084dbb15025d22f8bc8e543c2e8507850ef8bf
- SHA256: b5b0e5ec32315259c0002609a21bf3ee5f48ecf6c843508993f0a935a61ff285
- SHA512: a6f82f55fa58e2c478e64970a60147ee53bb80afbe3ba08b9326723d16530f2ee7a9e351bdd7f54bc48d6f3d932df337c425ef1275f4d33c57e5d9aafa96584d
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDp:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H
Behavioral task: behavioral1
- Sample: b5b0e5ec32315259c0002609a21bf3ee5f48ecf6c843508993f0a935a61ff285N.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: b5b0e5ec32315259c0002609a21bf3ee5f48ecf6c843508993f0a935a61ff285N.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: b5b0e5ec32315259c0002609a21bf3ee5f48ecf6c843508993f0a935a61ff285N.exe
- Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext