General
-
Target
df087558e2880f541beeea3404695ae8c5be50ca06a075a7ae6a290b6c5f932a
-
Size
112KB
-
Sample
250116-kqtzqsskdz
-
MD5
87d0b9a3e55bc0f5ea34dbf1bf0f72d4
-
SHA1
23f58687143df6bfc116541ed926d357a8455420
-
SHA256
df087558e2880f541beeea3404695ae8c5be50ca06a075a7ae6a290b6c5f932a
-
SHA512
9e36db288792b95c1d7676252d1941f10871afecf134c5135363cfdbda9463b8818d091079be42c6d4c5a22b6608f4aeb9a6b934a6ac44b863ba72a38298e9ea
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJy:tVIr7zI+fAceoGxSKKo5y
Malware Config
Targets
-
-
Target
df087558e2880f541beeea3404695ae8c5be50ca06a075a7ae6a290b6c5f932a
-
Size
112KB
-
MD5
87d0b9a3e55bc0f5ea34dbf1bf0f72d4
-
SHA1
23f58687143df6bfc116541ed926d357a8455420
-
SHA256
df087558e2880f541beeea3404695ae8c5be50ca06a075a7ae6a290b6c5f932a
-
SHA512
9e36db288792b95c1d7676252d1941f10871afecf134c5135363cfdbda9463b8818d091079be42c6d4c5a22b6608f4aeb9a6b934a6ac44b863ba72a38298e9ea
-
SSDEEP
1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJy:tVIr7zI+fAceoGxSKKo5y
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-