General
-
Target
99c638d9d5d6b862cc89f76cb111fbb9c522006b581da6875233538c715fd400N.exe
-
Size
90KB
-
Sample
250101-vem26atkev
-
MD5
1483e0b53896b683908281d8a2060fd0
-
SHA1
2553a9e5459189588683e34dbef7825559e10099
-
SHA256
99c638d9d5d6b862cc89f76cb111fbb9c522006b581da6875233538c715fd400
-
SHA512
4e508e0ff1575481547f5665c9c1772782af8eb616b81d621772f6cededdb6082d3b1f5f5529f51cdfba6c951744b6f45252474bfe752f07f1365429ca1df240
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDN:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE33
Malware Config
Targets
-
-
Target
99c638d9d5d6b862cc89f76cb111fbb9c522006b581da6875233538c715fd400N.exe
-
Size
90KB
-
MD5
1483e0b53896b683908281d8a2060fd0
-
SHA1
2553a9e5459189588683e34dbef7825559e10099
-
SHA256
99c638d9d5d6b862cc89f76cb111fbb9c522006b581da6875233538c715fd400
-
SHA512
4e508e0ff1575481547f5665c9c1772782af8eb616b81d621772f6cededdb6082d3b1f5f5529f51cdfba6c951744b6f45252474bfe752f07f1365429ca1df240
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDN:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE33
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-