General
Target: document_office.doc
Size: 24KB
Sample: 220802-mg3xdsfacl
MD5: 8fba73bedafdacd14bc5f9a24fbd2876
SHA1: 66344cc6bd38fcd883bbda4aafe31293c53eb6ea
SHA256: b061bbe895ab062043d4980e755eea721d5c5a4a666e989d964f1890d53b7af1
SHA512: 6babf1b5d57dcd80aad70dafad53c0b1f5189a276a354d117548138774c8b94c1bf09cddc14bf6a62d6e0679b0311c6c86a22959cc11fd9e85afcc8335e6d2b7
Static task: static1
Behavioral task: behavioral1
Sample: document_office.rtf
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: document_office.rtf
Resource: win10v2004-20220722-en
Malware Config
Targets
Target: document_office.doc
Size: 24KB
MD5: 8fba73bedafdacd14bc5f9a24fbd2876
SHA1: 66344cc6bd38fcd883bbda4aafe31293c53eb6ea
SHA256: b061bbe895ab062043d4980e755eea721d5c5a4a666e989d964f1890d53b7af1
SHA512: 6babf1b5d57dcd80aad70dafad53c0b1f5189a276a354d117548138774c8b94c1bf09cddc14bf6a62d6e0679b0311c6c86a22959cc11fd9e85afcc8335e6d2b7
Score: 10/10
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext