General
-
Target
68b7fac33040fdfc0f2897ba9e0dd80492417796fe07803df623f6130823bd96
-
Size
90KB
-
Sample
250102-3ztz7s1jfv
-
MD5
d8bad2a4f21ae5311d8a8b84ccaf9c75
-
SHA1
0d76f571fd274af9f29946889cb378240abb5687
-
SHA256
68b7fac33040fdfc0f2897ba9e0dd80492417796fe07803df623f6130823bd96
-
SHA512
7b9e256eca15823ebcae6f92fd1a5c63715c9ce698447d4a368f2aae9a631d995e90ed548aadb6b4343f2b82f7c280cefd49622c0df6a8cee0e34f33a1be17ac
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDY:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3y
Malware Config
Targets
-
-
Target
68b7fac33040fdfc0f2897ba9e0dd80492417796fe07803df623f6130823bd96
-
Size
90KB
-
MD5
d8bad2a4f21ae5311d8a8b84ccaf9c75
-
SHA1
0d76f571fd274af9f29946889cb378240abb5687
-
SHA256
68b7fac33040fdfc0f2897ba9e0dd80492417796fe07803df623f6130823bd96
-
SHA512
7b9e256eca15823ebcae6f92fd1a5c63715c9ce698447d4a368f2aae9a631d995e90ed548aadb6b4343f2b82f7c280cefd49622c0df6a8cee0e34f33a1be17ac
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDY:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-