General
- Target: SecuriteInfo.com.Win32.TrojanDownloader.Delf.DIB.21975.31231
- Size: 924KB
- Sample: 220630-qy359sddf3
- MD5: 4e13d4aa0427eb41203deb4d021ec71c
- SHA1: 12762fa4762e1c1a16cc31656e7a80b7a2428fb5
- SHA256: d25d2c22b3843c1e8aaecec11b29d4ebb6fbe5b67a6f5a345abf0709516920d3
- SHA512: 4555a7e0dee519f47e92abc7360cb2a48809ccc3cefd12c0146a58f9a8154e9da7f386b002e5e19fede969ded728c06f186331f75d0c415353daab724bed1510
- Static task: static1
- Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.TrojanDownloader.Delf.DIB.21975.exe
- Resource: win7-20220414-en
Malware Config
- Extracted: xloader 2.7 n5mz
Targets
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- suricata: ET MALWARE FormBook CnC Checkin (GET)
- suricata: ET MALWARE FormBook CnC Checkin (POST) M2
- ModiLoader Second Stage
- Xloader Payload
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext