General

- Target: afae8453591d23021fdda671fd3c9ace
- Size: 110KB
- Sample: 220809-zvw28ahgc3
- MD5: afae8453591d23021fdda671fd3c9ace
- SHA1: e918c28a9254a83cbfe86652dcd6c11a9423c190
- SHA256: 1e6c982fb1855c962efb6b566992774597777df1cfc993828d61f80e89dc471b
- SHA512: 6961cb698bc2420125fe036c7bc56aede9ac0bb357d846a8b03830d7f16fc27174beffaed91aa1fc80d003ed2725bdd4f5eeddbef7fbc83774c6b5629e2465aa

Static task: static1

Behavioral task: behavioral1
- Sample: SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
- Resource: win7-20220718-en

Behavioral task: behavioral2
- Sample: SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
- Resource: win10v2004-20220721-en

Malware Config

Targets

- Target: SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
- Size: 72KB
- MD5: 950b9dddb59acefed85130122cff05c7
- SHA1: e01b80f4e8ec62c5e24d0f02dedfd64003f18ac3
- SHA256: ac95153d7a46449984b704784dc870c7fd9bdb8809fc2e31ff5b5db2d1a53bc9
- SHA512: c3efc65a685d2e30346982321a5f452aa178a8a65c5ae7f3102789588cd6a3f6e76fe9e96ac5e2721948ed02b91f1468f8e9b358a2e544db69ae6c782dfed271
- Score: 10/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext