General
-
Target
db15b1f6acd7722f9daa00353bed077b95310a80de7a392ba6192c5774e30c62.exe
-
Size
90KB
-
Sample
250113-py4lcssmcy
-
MD5
fa2dbc16840066ba38d84206020ee4d4
-
SHA1
1dfe46b41f6915800be93c777232af8d84b44fdb
-
SHA256
db15b1f6acd7722f9daa00353bed077b95310a80de7a392ba6192c5774e30c62
-
SHA512
c70565e78a40534cec3a053fa55408a53e5fb7b6304fbfc3a24eceb2b02f88845f5a221941a3f98dd842f6c9ac07ca59c4fe119c832159b4fe8d9fd4a65cab64
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDI:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3m
Malware Config
Targets
-
-
Target
db15b1f6acd7722f9daa00353bed077b95310a80de7a392ba6192c5774e30c62.exe
-
Size
90KB
-
MD5
fa2dbc16840066ba38d84206020ee4d4
-
SHA1
1dfe46b41f6915800be93c777232af8d84b44fdb
-
SHA256
db15b1f6acd7722f9daa00353bed077b95310a80de7a392ba6192c5774e30c62
-
SHA512
c70565e78a40534cec3a053fa55408a53e5fb7b6304fbfc3a24eceb2b02f88845f5a221941a3f98dd842f6c9ac07ca59c4fe119c832159b4fe8d9fd4a65cab64
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDI:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3m
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-