General
-
Target
5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3
-
Size
90KB
-
Sample
250117-bj3hvsxlcy
-
MD5
87335125fe46e04262f1b08fe076ba72
-
SHA1
2b0185030eba09e1c2e7fb5e2ddfe82f13c0886b
-
SHA256
5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3
-
SHA512
6d43af7a6b928b39cb16ddcd498bc4d3cbe7ea0da334e577ca61884b8db1da8bb603266a5030cd3bcac2435c98ffe85b302168d37eada964bef412c9e27c6c45
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDX:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Z
Behavioral task
behavioral1
Sample
5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3
-
Size
90KB
-
MD5
87335125fe46e04262f1b08fe076ba72
-
SHA1
2b0185030eba09e1c2e7fb5e2ddfe82f13c0886b
-
SHA256
5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3
-
SHA512
6d43af7a6b928b39cb16ddcd498bc4d3cbe7ea0da334e577ca61884b8db1da8bb603266a5030cd3bcac2435c98ffe85b302168d37eada964bef412c9e27c6c45
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDX:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Z
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-