General
-
Target
cb091ca11ff2dfb3274b1469cf04b4cac0169976dfc0ebb96773e8ba9afb913eN.exe
-
Size
326KB
-
Sample
250112-yyrfgazmej
-
MD5
af37f384c70c6c25aa664e99c6d5f720
-
SHA1
0995917956212d7dd84252b16b8f320690a55831
-
SHA256
cb091ca11ff2dfb3274b1469cf04b4cac0169976dfc0ebb96773e8ba9afb913e
-
SHA512
d384330587333e669eab83f7199cf991eb225f2d6d0e52b7f5de80066458bbdc37d027b8cc4ee7c89d865a4002dafa61560e56d5bfa863f5f78de886319ccb45
-
SSDEEP
3072:h0e2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XVJ:h0sxD5cwohO+O1sVG0/pZ6iPC8c
Malware Config
Targets
-
-
Target
cb091ca11ff2dfb3274b1469cf04b4cac0169976dfc0ebb96773e8ba9afb913eN.exe
-
Size
326KB
-
MD5
af37f384c70c6c25aa664e99c6d5f720
-
SHA1
0995917956212d7dd84252b16b8f320690a55831
-
SHA256
cb091ca11ff2dfb3274b1469cf04b4cac0169976dfc0ebb96773e8ba9afb913e
-
SHA512
d384330587333e669eab83f7199cf991eb225f2d6d0e52b7f5de80066458bbdc37d027b8cc4ee7c89d865a4002dafa61560e56d5bfa863f5f78de886319ccb45
-
SSDEEP
3072:h0e2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XVJ:h0sxD5cwohO+O1sVG0/pZ6iPC8c
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-