General
Target: ece15fed61b059ea8996032ada8da0aeb20ebb20e6a9b8124f77a5b1131afcc8N.exe
Size: 90KB
Sample: 250103-n7ah7svqdr
MD5: 980557cf476d3bbc0d9bfffcdcf73380
SHA1: b9e894310881afdb931c8de1d771a59e1b83ea0e
SHA256: ece15fed61b059ea8996032ada8da0aeb20ebb20e6a9b8124f77a5b1131afcc8
SHA512: 0f7eaff139fc2088fd77b85e15ac0f7e57aa986bbf359547b1ed47423c5bdfa7a524f07cd17e42a0f8c53158ef58950c0abc179336937a2ef7090b7afc55d942
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Behavioral task: behavioral1
Sample: ece15fed61b059ea8996032ada8da0aeb20ebb20e6a9b8124f77a5b1131afcc8N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: ece15fed61b059ea8996032ada8da0aeb20ebb20e6a9b8124f77a5b1131afcc8N.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: ece15fed61b059ea8996032ada8da0aeb20ebb20e6a9b8124f77a5b1131afcc8N.exe
Size: 90KB
MD5: 980557cf476d3bbc0d9bfffcdcf73380
SHA1: b9e894310881afdb931c8de1d771a59e1b83ea0e
SHA256: ece15fed61b059ea8996032ada8da0aeb20ebb20e6a9b8124f77a5b1131afcc8
SHA512: 0f7eaff139fc2088fd77b85e15ac0f7e57aa986bbf359547b1ed47423c5bdfa7a524f07cd17e42a0f8c53158ef58950c0abc179336937a2ef7090b7afc55d942
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Signatures:
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext