General
-
Target
fbdea2037b42365f2d6c43d5f7fa36c53f0ba6e05a3d4b6ed2711f083c9ce786.exe
-
Size
300KB
-
Sample
250116-11jvhsskeq
-
MD5
3965fc25172d9b4663eee939cb7c424a
-
SHA1
99f703d3b0e83acb885503cec83e7705a290c4df
-
SHA256
fbdea2037b42365f2d6c43d5f7fa36c53f0ba6e05a3d4b6ed2711f083c9ce786
-
SHA512
3d1e77a2a6bcb6503159de468ae1d521b8c4b0e2e53d8bc89126da4905760a69530272764b930b2c59cba3bd9528c6182397b4df2c36f6a7e637ad91fe71f5f6
-
SSDEEP
3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38Gv:UsxD5cwohO+O1sVG0/pZ6iPC8d
Static task
static1
Behavioral task
behavioral1
Sample
fbdea2037b42365f2d6c43d5f7fa36c53f0ba6e05a3d4b6ed2711f083c9ce786.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
fbdea2037b42365f2d6c43d5f7fa36c53f0ba6e05a3d4b6ed2711f083c9ce786.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
fbdea2037b42365f2d6c43d5f7fa36c53f0ba6e05a3d4b6ed2711f083c9ce786.exe
-
Size
300KB
-
MD5
3965fc25172d9b4663eee939cb7c424a
-
SHA1
99f703d3b0e83acb885503cec83e7705a290c4df
-
SHA256
fbdea2037b42365f2d6c43d5f7fa36c53f0ba6e05a3d4b6ed2711f083c9ce786
-
SHA512
3d1e77a2a6bcb6503159de468ae1d521b8c4b0e2e53d8bc89126da4905760a69530272764b930b2c59cba3bd9528c6182397b4df2c36f6a7e637ad91fe71f5f6
-
SSDEEP
3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38Gv:UsxD5cwohO+O1sVG0/pZ6iPC8d
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-