General
-
Target
54b4b6ff065acfe556314a4cde93e8ece949e0afb807739ce68d0cef6b75086b
-
Size
300KB
-
Sample
250119-a1svbazmcs
-
MD5
6f073d14508aa79d76397cffce235651
-
SHA1
233420074164775690b3193a3684a890c3ededf9
-
SHA256
54b4b6ff065acfe556314a4cde93e8ece949e0afb807739ce68d0cef6b75086b
-
SHA512
d50a90ca45573953c295e94d609b76e1b1ef3c824c858348e1e9bf2519666f40489921f7e0b518afb40e937aae37fe9e564fbf3c3580147394338732eede8cbb
-
SSDEEP
3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38Gs:UsxD5cwohO+O1sVG0/pZ6iPC8q
Malware Config
Targets
-
-
Target
54b4b6ff065acfe556314a4cde93e8ece949e0afb807739ce68d0cef6b75086b
-
Size
300KB
-
MD5
6f073d14508aa79d76397cffce235651
-
SHA1
233420074164775690b3193a3684a890c3ededf9
-
SHA256
54b4b6ff065acfe556314a4cde93e8ece949e0afb807739ce68d0cef6b75086b
-
SHA512
d50a90ca45573953c295e94d609b76e1b1ef3c824c858348e1e9bf2519666f40489921f7e0b518afb40e937aae37fe9e564fbf3c3580147394338732eede8cbb
-
SSDEEP
3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38Gs:UsxD5cwohO+O1sVG0/pZ6iPC8q
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-