General
-
Target
473f846aa239f023f06ba4fcef8e8be2be4acbcbed850aae1e85ee1ae55efa3f.exe
-
Size
90KB
-
Sample
250122-kbk4aaxkhz
-
MD5
9781c3b5e7ebc346daa2c27449f6d14d
-
SHA1
1c4e03e16a4b0059ba26bbf0a50484cbda956477
-
SHA256
473f846aa239f023f06ba4fcef8e8be2be4acbcbed850aae1e85ee1ae55efa3f
-
SHA512
6cb709f7f7495b3608896fa3a26a417ae1c431efc91c1fe4dd45f58e026da3545f7e7aeed0faac967334bd805a7339669771ae006ac7c657d0c6906b186b9448
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDD:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE39
Malware Config
Targets
-
-
Target
473f846aa239f023f06ba4fcef8e8be2be4acbcbed850aae1e85ee1ae55efa3f.exe
-
Size
90KB
-
MD5
9781c3b5e7ebc346daa2c27449f6d14d
-
SHA1
1c4e03e16a4b0059ba26bbf0a50484cbda956477
-
SHA256
473f846aa239f023f06ba4fcef8e8be2be4acbcbed850aae1e85ee1ae55efa3f
-
SHA512
6cb709f7f7495b3608896fa3a26a417ae1c431efc91c1fe4dd45f58e026da3545f7e7aeed0faac967334bd805a7339669771ae006ac7c657d0c6906b186b9448
-
SSDEEP
1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDD:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE39
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-