General
- Target: 589cf46db69bd928cc1eb36219381b8a762cf10ae165d6094c1ccf6e184fbe46N.exe
- Size: 300KB
- Sample: 250108-gtatgszkhm
- MD5: e8746f60596b6d3a37dedb9355c568e0
- SHA1: 7a19ecc8ef5dd848a299b585d2ddef062fc44c4e
- SHA256: 589cf46db69bd928cc1eb36219381b8a762cf10ae165d6094c1ccf6e184fbe46
- SHA512: 4b36163d40ac578ec0b6acde4db9a43f4aac32582b3a3f28de2e00b18f02641e185793735e6467a450492106b2cacee805ab84f2e5a3954f8e3893936c9e140b
- SSDEEP: 3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38G8:UsxD5cwohO+O1sVG0/pZ6iPC8G
Static task: static1
Behavioral task: behavioral1
- Sample: 589cf46db69bd928cc1eb36219381b8a762cf10ae165d6094c1ccf6e184fbe46N.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 589cf46db69bd928cc1eb36219381b8a762cf10ae165d6094c1ccf6e184fbe46N.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 589cf46db69bd928cc1eb36219381b8a762cf10ae165d6094c1ccf6e184fbe46N.exe
- Size: 300KB
- MD5: e8746f60596b6d3a37dedb9355c568e0
- SHA1: 7a19ecc8ef5dd848a299b585d2ddef062fc44c4e
- SHA256: 589cf46db69bd928cc1eb36219381b8a762cf10ae165d6094c1ccf6e184fbe46
- SHA512: 4b36163d40ac578ec0b6acde4db9a43f4aac32582b3a3f28de2e00b18f02641e185793735e6467a450492106b2cacee805ab84f2e5a3954f8e3893936c9e140b
- SSDEEP: 3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38G8:UsxD5cwohO+O1sVG0/pZ6iPC8G
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext