General
Target: USD_ Payment Schedule.xls
Size: 330KB
Sample: 210122-5v8qfz1r16
MD5: 9f32ff59ea65adff3fa4350db7db6534
SHA1: fa29ea0f3c997ef85c9fbd0a3f27d57344f15dd1
SHA256: 03cf03d1cb4fa502ef1992e2aad3f1f7f0d7fbf1f16839d87eaa04f330211bbe
SHA512: 062ce1a27b51714fb9f8273a67e117dca1c61665d3eb43ffcd619a6c294e4ba8fc997c70b087d66d053cf743d1715f6c562859e3d84e72283920acff76cd8aad
Static task: static1
Behavioral task: behavioral1
  Sample: USD_ Payment Schedule.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: USD_ Payment Schedule.xls
  Resource: win10v20201028
Malware Config
Extracted: lokibot
- http://104.223.170.100/hgoldie/Panel/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: USD_ Payment Schedule.xls
Size: 330KB
(MD5, SHA1, SHA256 and SHA512 are identical to those listed in the General section above)
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures:
- ModiLoader First Stage
- Executes dropped EXE
- Loads dropped DLL
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext