Analysis
max time kernel: 169s
max time network: 161s
platform: windows10_x64
resource: win10-en-20211208
submitted: 26-01-2022 12:18
Static task: static1

Behavioral task: behavioral1
Sample: SWIFT. UNICREDITGROUP.PDF.exe
Resource: win7-en-20211208, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: SWIFT. UNICREDITGROUP.PDF.exe
Resource: win10-en-20211208, windows10_x64
0 signatures, 0 seconds

General
Target: SWIFT. UNICREDITGROUP.PDF.exe
Size: 869KB
MD5: 553be7dc5a8951124308e655d27e0170
SHA1: f51fafc95052a4ff7aa8f9a0a9131bdee4b20ada
SHA256: 0183d2fd44e215d6dc408bec45db9767a765767737b737032ff97e75adca46cd
SHA512: 1ce3113e5b5c7f804bbf7f8a5c30ab2a3661927ee76030a8f95cc1b2932d0a1ea53f9dd17dcb0f57b08d5282f324750bedf25a78ac40500ec6b9012221e660f2
Score: 10/10

Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader First Stage: 1 IoCs
Processes:
resource: behavioral2/memory/3436-117-0x00000000022D0000-0x00000000022EB000-memory.dmp
yara_rule: modiloader_stage1