General
Target: b2b93c0e93ba95e02539ac86220ef6ef1a1a7af0fc718fd19f732b89410f5a3e.exe
Size: 112KB
Sample: 241230-wstyasvmev
MD5: bb7971f88eaaa8d40418abfd822ef3d3
SHA1: 3aa390ad4b9be754d10d4240328456544c4d51ea
SHA256: b2b93c0e93ba95e02539ac86220ef6ef1a1a7af0fc718fd19f732b89410f5a3e
SHA512: dfc4c0415bb2a9a93894bc8a8f99c587c539d111546f0e6cde214265e4bd8df025c3d7c0742dd0253b6b3db37ed0728c58c1653e0c922447f757028fd38214c6
SSDEEP: 1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ5:tVIr7zI+fAceoGxSKKo55
Static task: static1
Behavioral task: behavioral1
  Sample: b2b93c0e93ba95e02539ac86220ef6ef1a1a7af0fc718fd19f732b89410f5a3e.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: b2b93c0e93ba95e02539ac86220ef6ef1a1a7af0fc718fd19f732b89410f5a3e.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: b2b93c0e93ba95e02539ac86220ef6ef1a1a7af0fc718fd19f732b89410f5a3e.exe
Size: 112KB
MD5: bb7971f88eaaa8d40418abfd822ef3d3
SHA1: 3aa390ad4b9be754d10d4240328456544c4d51ea
SHA256: b2b93c0e93ba95e02539ac86220ef6ef1a1a7af0fc718fd19f732b89410f5a3e
SHA512: dfc4c0415bb2a9a93894bc8a8f99c587c539d111546f0e6cde214265e4bd8df025c3d7c0742dd0253b6b3db37ed0728c58c1653e0c922447f757028fd38214c6
SSDEEP: 1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ5:tVIr7zI+fAceoGxSKKo55
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext