General
-
Target
f58b545e3af3125cee72a8c22b00be26e5efefb8b3c5b0d8ae7be97c15cc13aeN.exe
-
Size
90KB
-
Sample
250108-gksmyaxjaw
-
MD5
79ed2c89ebf0408596db9a5b8f5cc220
-
SHA1
12c307236a071a6cdeef71af6892c5bc40925805
-
SHA256
f58b545e3af3125cee72a8c22b00be26e5efefb8b3c5b0d8ae7be97c15cc13ae
-
SHA512
f15c88e48209cd904a7e186a4eeecc4d4507ea12b61a013f62cee940531eb4e12b603f209278437282c75014b302c956d0ab21b8470598b8efe97d0b3d626a6b
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDg:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3y
Malware Config
Targets
-
-
Target
f58b545e3af3125cee72a8c22b00be26e5efefb8b3c5b0d8ae7be97c15cc13aeN.exe
-
Size
90KB
-
MD5
79ed2c89ebf0408596db9a5b8f5cc220
-
SHA1
12c307236a071a6cdeef71af6892c5bc40925805
-
SHA256
f58b545e3af3125cee72a8c22b00be26e5efefb8b3c5b0d8ae7be97c15cc13ae
-
SHA512
f15c88e48209cd904a7e186a4eeecc4d4507ea12b61a013f62cee940531eb4e12b603f209278437282c75014b302c956d0ab21b8470598b8efe97d0b3d626a6b
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDg:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-