General
Target
Purchase-Order737883874.exe
Size
996KB
Sample
220803-kgtmlsacbk
MD5
3bebbabe7d62c8cac4f81ad6075a1b98
SHA1
36ecddf9dac8b14220b3669c5061c9e747cf798c
SHA256
773a7b6da3993d34fe9593573317031ac5ae7f66ead9d8b0366274094bbe9c5a
SHA512
fad9b281da8f44d646d53477558c659afe168e13084a4b7aae50a9e84732841543cf1ad526c8f5001354df3fafe3e323a52292e0170591ef7fc9fd4c035b6d5d
Static task
static1
Behavioral task
behavioral1
Sample
Purchase-Order737883874.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
Purchase-Order737883874.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
Target
Purchase-Order737883874.exe
Score
10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence that restricts execution by country.
Adds Run key to start application
Writes a value under a Run registry key so the application is started again at logon (persistence).
Suspicious use of SetThreadContext
Setting the context of a thread in another process is a common step in process hollowing and other code injection, and is consistent with the loader running its second stage inside a separate process.
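Hunting logic for the "Adds Run key to start application" behaviour listed above, as an added example that is not part of the sandbox report and not ModiLoader's own code. It scans Sysmon Event ID 13 (RegistryEvent, value set) records that have been flattened to one `Key: value | Key: value` line per event, a layout assumed here for illustration. All log lines are constructed; the Run value name and the dropped file path they contain are invented for the example and are not stated in the report.

```python
"""
Detect Run-key persistence in flattened Sysmon Event ID 13 records.

Added example: not code from the sandbox report and not ModiLoader's own
code. The 'Key: value | Key: value' line layout is an assumption made for
illustration, and every log line below is constructed.
"""
import re
from dataclasses import dataclass

# Autostart locations under HKCU/HKLM, including the Wow6432Node view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)

# A start-up command pointing into a user-writable directory is the usual
# malware pattern; installed software normally starts from Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\|\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE
)


@dataclass
class RunKeyHit:
    image: str            # process that wrote the value
    target_object: str    # full registry path of the value
    details: str          # command that will run at logon
    user_writable: bool   # command points into a user-writable directory


def parse_sysmon_line(line: str) -> dict:
    """Split 'Key: value | Key: value' into a dict; the first ':' ends the key."""
    fields = {}
    for part in line.split(" | "):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def find_run_key_persistence(lines):
    """Return one RunKeyHit per SetValue event whose target is an autostart key."""
    hits = []
    for line in lines:
        ev = parse_sysmon_line(line)
        if ev.get("EventID") != "13" or ev.get("EventType") != "SetValue":
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        details = ev.get("Details", "")
        hits.append(RunKeyHit(
            image=ev.get("Image", ""),
            target_object=target,
            details=details,
            user_writable=bool(USER_WRITABLE_RE.search(details)),
        ))
    return hits


# Constructed Sysmon-style records (not telemetry captured from the sample).
SAMPLE_LOG = [
    # Legitimate software registering itself from Program Files.
    "EventID: 13 | EventType: SetValue"
    " | Image: C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"
    " | TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
    " | Details: \"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background",
    # The sample registering a copy of itself from the user profile; the value
    # name 'Updater' and the dropped path are invented for this example.
    "EventID: 13 | EventType: SetValue"
    " | Image: C:\\Users\\victim\\Downloads\\Purchase-Order737883874.exe"
    " | TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    " | Details: C:\\Users\\victim\\AppData\\Roaming\\Updater.exe",
    # Registry write that is not an autostart location.
    "EventID: 13 | EventType: SetValue"
    " | Image: C:\\Windows\\explorer.exe"
    " | TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    " | Details: DWORD (0x00000001)",
    # Key deletion under Run (Event ID 12) is not a persistence write.
    "EventID: 12 | EventType: DeleteKey"
    " | Image: C:\\Windows\\regedit.exe"
    " | TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Old",
]


if __name__ == "__main__":
    for hit in find_run_key_persistence(SAMPLE_LOG):
        flag = "SUSPICIOUS" if hit.user_writable else "review"
        print(f"[{flag}] {hit.image} wrote {hit.target_object} -> {hit.details}")
```

Only the second record is flagged as suspicious: it is a Run value whose command resolves into the user profile. The OneDrive write still surfaces for review, because the detection keys on the registry path, and the last two records are ignored (wrong key, wrong event type). Sysmon does not log registry reads, so the country-code lookup from the "Checks computer location settings" signature cannot be hunted the same way.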