General
- Target: 3b0adcf163e9d57743bf9a7b7b0f051db5748727421e892de7739c4278c0aceaN.exe
- Size: 90KB
- Sample: 250108-l93awsvrgs
- MD5: e3887a41e9aee0193c8e536420285d80
- SHA1: d83286989b6433a889e0807418f12b6e32fb6898
- SHA256: 3b0adcf163e9d57743bf9a7b7b0f051db5748727421e892de7739c4278c0acea
- SHA512: 55fa8740f8ae924e738ac71299db100cb17de76b59c7b91955963ab694af0cf367d83ebb97721592b028b0ab2184e59e6ba16ffdb96d1dd9e48d42a43806aa53
- SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD9:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3T
Behavioral task: behavioral1
- Sample: 3b0adcf163e9d57743bf9a7b7b0f051db5748727421e892de7739c4278c0aceaN.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 3b0adcf163e9d57743bf9a7b7b0f051db5748727421e892de7739c4278c0aceaN.exe
- Resource: win10v2004-20241007-en
Malware Config
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext