General
-
Target
0cf66a1b4d0a0e6280f63c9e6e7530c7419a14a8de5dda8db367d4fde24b198cN.exe
-
Size
300KB
-
Sample
241226-zdpltaypa1
-
MD5
9e71758bf28bddfd59ed34843f0d6740
-
SHA1
d934704c3f4137751938ef9a8de8bbebfcbb7573
-
SHA256
0cf66a1b4d0a0e6280f63c9e6e7530c7419a14a8de5dda8db367d4fde24b198c
-
SHA512
43acbe6659daf882962fce7b730a1e378efb00f8c603bd8370b998c68e17088fefc01c804aa429292ed56736ed8db878db829e0848e59469f535c8b72c61232f
-
SSDEEP
3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38GZ:UsxD5cwohO+O1sVG0/pZ6iPC8n
Malware Config
Targets
-
-
Target
0cf66a1b4d0a0e6280f63c9e6e7530c7419a14a8de5dda8db367d4fde24b198cN.exe
-
Size
300KB
-
MD5
9e71758bf28bddfd59ed34843f0d6740
-
SHA1
d934704c3f4137751938ef9a8de8bbebfcbb7573
-
SHA256
0cf66a1b4d0a0e6280f63c9e6e7530c7419a14a8de5dda8db367d4fde24b198c
-
SHA512
43acbe6659daf882962fce7b730a1e378efb00f8c603bd8370b998c68e17088fefc01c804aa429292ed56736ed8db878db829e0848e59469f535c8b72c61232f
-
SSDEEP
3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38GZ:UsxD5cwohO+O1sVG0/pZ6iPC8n
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-