General
-
Target
RS03424567554.zip
-
Size
506KB
-
Sample
220930-rsd5maefhp
-
MD5
c0b90c02050fab0debd0f7844efd4639
-
SHA1
4915ca785ce45fbbc082dda09bcfafcfd7061522
-
SHA256
6fbf48056136eab4e1afd66975c8901211bd0641e85f7b08223cd946afe1a909
-
SHA512
e3cc918c2b50b43c786ab58b3f365435c6063ade6a85f75fce9a1df937d907c77ad37b205fe66722125aa474288f18ed2df524177b5409f701c697f566d67793
-
SSDEEP
12288:FtEs6Bu6x+aYcFnsc05PD2bQNGWsXYLgsV2Bqq:FtEvuFD8z0pDSQNzqYL/Pq
Malware Config
Extracted
xloader
2.5
euv4
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
Targets
-
-
Target
RS03424567554.exe
-
Size
1.0MB
-
MD5
4b8f9a782e097622b1d1d21d25db7a88
-
SHA1
03e9095032cc7fe744cc1cdaf65b77995b94ce5b
-
SHA256
2d0652b7d29e18418ab22e08e78ffd527353573740a4000f8027e31a7aea43d9
-
SHA512
1f5a18d99a3076d48baee5b728f322385290047b0b77551c6901129b4855512e88d802c878db9d42074ddd4570ccf4221480ef35de8c1f563376f4f817487d80
-
SSDEEP
24576:VkUwSu91iUJodQ/UbMV2i4raNXeaqnjD:Vw9tyibNXeaqnjD
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-