General

Target: Order No-202000125.xlsm
Size: 410KB
Sample: 210118-9sr9nactbe
MD5: 2c71ebde60e06f76a2ccc831400f24b7
SHA1: 7d7294586a74052bce542ba4cd1fb3eeb2ea08a3
SHA256: cc52b8f39a31d7372f7c3d76e386fa20f830b530dec05ce67229e4abf33c92d9
SHA512: ec36d40a564d98c77a198eed1ab1d0fae309e19800fa00a9f50fdfab6b393bca804c71ca97ce2354c47e707a7d0d84429e280ddb4c0a93730c4f953331b31f87
Static task: static1

Behavioral task: behavioral1
Sample: Order No-202000125.xlsm
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Order No-202000125.xlsm
Resource: win10v20201028
Malware Config

Extracted: http://winsfgt.com/php/u.exe
Extracted: remcos (79.134.225.19:2556)
Targets

Target: Order No-202000125.xlsm
Size: 410KB
Score: 10/10

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader First Stage
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext