General
Target: SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
Size: 72KB
Sample: 220802-lqg6lseffq
MD5: 950b9dddb59acefed85130122cff05c7
SHA1: e01b80f4e8ec62c5e24d0f02dedfd64003f18ac3
SHA256: ac95153d7a46449984b704784dc870c7fd9bdb8809fc2e31ff5b5db2d1a53bc9
SHA512: c3efc65a685d2e30346982321a5f452aa178a8a65c5ae7f3102789588cd6a3f6e76fe9e96ac5e2721948ed02b91f1468f8e9b358a2e544db69ae6c782dfed271
Static task: static1
Behavioral task: behavioral1
Sample: SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
Resource: win10v2004-20220721-en
Malware Config
Targets
Score: 10/10
Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.