General
-
Target
334fd6171e7c6f1abe744513b73181451458e072bd5a277595a313a06b8e07cbN.exe
-
Size
94KB
-
Sample
250111-kk48hstjbv
-
MD5
2ec9b63a3af42f5662684235b707d7f0
-
SHA1
eabd6c1c3399da30d892f4112b82824abb0ee96b
-
SHA256
334fd6171e7c6f1abe744513b73181451458e072bd5a277595a313a06b8e07cb
-
SHA512
f860a9658d240af71e30860b5e2d33fee1dda7c7baa59016654c822e3c30d802ff9d2b7a2f1b9956b09f0c012fbaacdbeda2a2477f70169a4fa855770df2f44e
-
SSDEEP
1536:/pdyL9GjGiwA1z0PmVggNJKbFD2BBMx1RiwmPJr3raDk5BRf13KH9m2POE/n:/pdyLALwACPmV3NYaYLiwIt3raA5BRfy
Malware Config
Targets
-
-
Target
334fd6171e7c6f1abe744513b73181451458e072bd5a277595a313a06b8e07cbN.exe
-
Size
94KB
-
MD5
2ec9b63a3af42f5662684235b707d7f0
-
SHA1
eabd6c1c3399da30d892f4112b82824abb0ee96b
-
SHA256
334fd6171e7c6f1abe744513b73181451458e072bd5a277595a313a06b8e07cb
-
SHA512
f860a9658d240af71e30860b5e2d33fee1dda7c7baa59016654c822e3c30d802ff9d2b7a2f1b9956b09f0c012fbaacdbeda2a2477f70169a4fa855770df2f44e
-
SSDEEP
1536:/pdyL9GjGiwA1z0PmVggNJKbFD2BBMx1RiwmPJr3raDk5BRf13KH9m2POE/n:/pdyLALwACPmV3NYaYLiwIt3raA5BRfy
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-