General
Target: Order #165-3520P-WTMM10X.iso
Size: 1.5MB
Sample: 220831-pvqv4afhf2
MD5: 510fe325e02ae0c90506b71436ceb0b8
SHA1: 11d67b2c71463cd0f39a53867ddce00f9583faab
SHA256: 7fc5cab9b8a5be34673d30ee1553d9c3a367e6a088e23fa99e4a6b53e0bc993d
SHA512: 643c4c89613ed1bf75803ffcb86089c4fa1641d39eb55aa6d467d6012bf96638ca5dcbb20a3e2547f60efc822a53a54fbc9b527c203e2c88de89ea9e4f41b2b8
SSDEEP: 12288:Y8HA79b9hfYBkePys94ClAFJXCrJ/0KbLtyB4pWRqbudaYz:5Axb3YBkeP944AFJYs0Li/8ikYz
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER__1.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ORDER__1.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: ORDER__1.EXE
Size: 972KB
MD5: cf24bb3088fcff26fd01872839486f83
SHA1: 7d00cd9ef02adc15cd67c46067c80f88fbd90782
SHA256: 4cdde4b6617f96c1052c08ec2379ac02b2d10dc0f676179b0fd0b897c4be51e0
SHA512: 728b8999eda544225aacb2070a4314293c15ecaf6f56b969bfb8b1ba6c45caa00421bce4138aad48aac3fc98b353d92ddc727d8ab202f2e9a68f8971ae737813
SSDEEP: 12288:z8HA79b9hfYBkePys94ClAFJXCrJ/0KbLtyB4pWRqbudaYz:+Axb3YBkeP944AFJYs0Li/8ikYz
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- NetWire RAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application