General
-
Target
cbe10abfd98473dd96fd37f6a3001260cce4735bb462c295e66f425519e50312N.exe
-
Size
90KB
-
Sample
250120-he6haawnes
-
MD5
a82295623eb1a0abf835cfd02088f650
-
SHA1
ed066e27604ad759f99c8170e6f9333881b1e79b
-
SHA256
cbe10abfd98473dd96fd37f6a3001260cce4735bb462c295e66f425519e50312
-
SHA512
7c0a199e2ed17e0992da36e2c15c0b2dd3aa65766e1b4ad4ffb0e12fbdd9003c593f0106180923b49a434f9a0b6b4e4a08c53a98ade54ef885a4744fd0e68aac
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD2:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE38
Malware Config
Targets
-
-
Target
cbe10abfd98473dd96fd37f6a3001260cce4735bb462c295e66f425519e50312N.exe
-
Size
90KB
-
MD5
a82295623eb1a0abf835cfd02088f650
-
SHA1
ed066e27604ad759f99c8170e6f9333881b1e79b
-
SHA256
cbe10abfd98473dd96fd37f6a3001260cce4735bb462c295e66f425519e50312
-
SHA512
7c0a199e2ed17e0992da36e2c15c0b2dd3aa65766e1b4ad4ffb0e12fbdd9003c593f0106180923b49a434f9a0b6b4e4a08c53a98ade54ef885a4744fd0e68aac
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD2:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE38
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-