General
Target: INVOICES.exe
Size: 996KB
Sample: 220803-1jq79sffg3
MD5: edfc6e2add36e49c8c9e010db0eb0632
SHA1: 69697675cdc6d2c26db0709339bfd8f42044e7b6
SHA256: 86871dd03f2da6c6de34710060ddc726fae5907f1f48d37c26d23f4d3d3f9bb8
SHA512: 61dd86fe6c09ecb2e8e107a0aa6f93d0d44334f873c3fb4b842be5e4da26e72ad53cc65c202fe9aca0ef540021ed4ddbe4f3fa9030886d835ff6ad74c894cac6
Static task: static1
Behavioral task: behavioral1
Sample: INVOICES.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: INVOICES.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: INVOICES.exe
Score: 10/10
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application