General
Target: Re_ Re_ Re_ Re_ Re_ Re_ Re_ Re_ Re_ Re_ Nuevo orden .eml
Size: 678KB
Sample: 220801-wvprcsfgc5
MD5: 83d98e7cda6039cb9fb1294d320c14e0
SHA1: 594d178dd5014a8a3c39930ef0e6f75a1cf07339
SHA256: c00ea04a144d7ccc62f5bb04d051628ca6dc7f95a40d6e8bb3cbe9f9ebb30830
SHA512: f27122a69e900c22c9a72979c96b90b3f6d8290a99e2e40e7339219c91f6d21cb0c567af624ee821f4f89e9f4914fe3337837cb3632efb2ffb3d454d238f673b
Static task: static1
Behavioral task: behavioral1
Sample: nueva lista de pedidos.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: nueva lista de pedidos.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
xloader
2.5
euv4
Targets
Target: nueva lista de pedidos.exe
Size: 836KB
MD5: 3b12812bab47633965bd2f1ff26bc1ce
SHA1: b5762130efea5e20df322648c3aee48e11ef4ef3
SHA256: f3395807ce9dbd59c7da8d182904119365dfec0f02f4942189e2de963a9ca1f0
SHA512: 2c7efda80d8d1b43d713c9ef90914a0f1f9d70ec87a5e09e10f900949e6529304b9e37bd5667edc1e94a8246b9578b6538b07dad79d9071892108adeb2980636
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Xloader payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext