General

Target: dda184d71bcce4e76a9ec283b9a393a2d3c5e02c2c11fda6c87af095313a065cN.exe
Size: 90KB
Sample: 250122-gc1nks1kgv
MD5: cf402d395016b41ce07d2adb5b19d550
SHA1: 7b2448917ab24c59525def826309e5b595d2f073
SHA256: dda184d71bcce4e76a9ec283b9a393a2d3c5e02c2c11fda6c87af095313a065c
SHA512: af18d1c1ce4265917e54e9dc93cd39635ea257ef12de9388dee9f9c890724f01d957e4cdd28892dcb5895ff32a03015869a5d43b88d972f575698f8334a32bf0
SSDEEP: 1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oD2:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3M
Behavioral tasks

behavioral1
  Sample: dda184d71bcce4e76a9ec283b9a393a2d3c5e02c2c11fda6c87af095313a065cN.exe
  Resource: win7-20240903-en

behavioral2
  Sample: dda184d71bcce4e76a9ec283b9a393a2d3c5e02c2c11fda6c87af095313a065cN.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: dda184d71bcce4e76a9ec283b9a393a2d3c5e02c2c11fda6c87af095313a065cN.exe
Size: 90KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General)
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext