General
-
Target
a85cb077adcdbc52fc37cd69d1b33b42cc8e308404daf7177dcf8ab334b40d52
-
Size
90KB
-
Sample
250119-ha2crsyrgl
-
MD5
6c793280169c3d751d10fa5389acc319
-
SHA1
d0989bffdf7c0073b92e0d749644009632106c59
-
SHA256
a85cb077adcdbc52fc37cd69d1b33b42cc8e308404daf7177dcf8ab334b40d52
-
SHA512
1984ee51d7563f78638413e02160b6e5e75cd1a2228f837b1a27cf93a9e3aa134bc959e4387babc92c14b577fab8889d786ac72973005752c55ddf958ee2234e
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDj:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3V
Malware Config
Targets
-
-
Target
a85cb077adcdbc52fc37cd69d1b33b42cc8e308404daf7177dcf8ab334b40d52
-
Size
90KB
-
MD5
6c793280169c3d751d10fa5389acc319
-
SHA1
d0989bffdf7c0073b92e0d749644009632106c59
-
SHA256
a85cb077adcdbc52fc37cd69d1b33b42cc8e308404daf7177dcf8ab334b40d52
-
SHA512
1984ee51d7563f78638413e02160b6e5e75cd1a2228f837b1a27cf93a9e3aa134bc959e4387babc92c14b577fab8889d786ac72973005752c55ddf958ee2234e
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDj:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3V
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-