General
-
Target
14975c44bc39a8f3f71f020f05bbb86f910983d0b867ad430ce69c60c15fcbfa
-
Size
338KB
-
Sample
241230-ypc7gsyndz
-
MD5
a64a382ef7c765b54b4c0ca0792ace7f
-
SHA1
9eb885165dea931fabf3ae8f820c8fd74482ea0f
-
SHA256
14975c44bc39a8f3f71f020f05bbb86f910983d0b867ad430ce69c60c15fcbfa
-
SHA512
506cc36cad7ffc6ff3cc56f08fa00fa30949f6a2902e7820fc95fd362dd4098173ca82a13a755cc909bef2093c3082fa6b309f7041df628b2d62507340767c02
-
SSDEEP
3072:uc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/:/3sBz0Z4Mj72F
Malware Config
Targets
-
-
Target
14975c44bc39a8f3f71f020f05bbb86f910983d0b867ad430ce69c60c15fcbfa
-
Size
338KB
-
MD5
a64a382ef7c765b54b4c0ca0792ace7f
-
SHA1
9eb885165dea931fabf3ae8f820c8fd74482ea0f
-
SHA256
14975c44bc39a8f3f71f020f05bbb86f910983d0b867ad430ce69c60c15fcbfa
-
SHA512
506cc36cad7ffc6ff3cc56f08fa00fa30949f6a2902e7820fc95fd362dd4098173ca82a13a755cc909bef2093c3082fa6b309f7041df628b2d62507340767c02
-
SSDEEP
3072:uc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/:/3sBz0Z4Mj72F
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-