General
Target: DHL_924820.IMG
Size: 1.2MB
Sample: 221024-sln7pahdcr
MD5: cfda7c0d5667f6a214cf4996e5efde92
SHA1: 7a6ed5160addc9e203696ccdaa5efc112710133a
SHA256: bf260ff15e0a10357980937576f516a75d209be93fdfe6852dc0f8cb5be34024
SHA512: 792c436d175b0eb3fec94f9d09503737ed66001b99d2a30065852a135e5aeb3e0faa36444a494148e7ad4c81d952f55ede4facdf843c01f8ad55b004df23d6de
SSDEEP: 12288:3FwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXHvxwUxLfHazzJr0:3FGQeabFmKmFzhmvJWuMPB
Static task: static1
Behavioral task: behavioral1 (Sample: DHL_924820.iso, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: DHL_924820.iso, Resource: win10v2004-20220901-en)
Behavioral task: behavioral3 (Sample: JWBHBWZC.exe, Resource: win7-20220812-en)
Behavioral task: behavioral4 (Sample: JWBHBWZC.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: bitrat 1.38, davidmanne.casacam.net:2223
communication_password: b6c6e855edf908ec7c12ce8c8e628a5c
tor_process: tor
Targets

Target: DHL_924820.IMG
Size: 1.2MB
MD5: cfda7c0d5667f6a214cf4996e5efde92
SHA1: 7a6ed5160addc9e203696ccdaa5efc112710133a
SHA256: bf260ff15e0a10357980937576f516a75d209be93fdfe6852dc0f8cb5be34024
SHA512: 792c436d175b0eb3fec94f9d09503737ed66001b99d2a30065852a135e5aeb3e0faa36444a494148e7ad4c81d952f55ede4facdf843c01f8ad55b004df23d6de
SSDEEP: 12288:3FwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXHvxwUxLfHazzJr0:3FGQeabFmKmFzhmvJWuMPB
Score: 3/10

Target: JWBHBWZC.EXE
Size: 747KB
MD5: f90bac73be91d5143bdb0b2b2898c6b0
SHA1: fdf005d2ef50d1bce66dec6f5ddc625dbd97fdaa
SHA256: 2193931688547621ee5c9ec01922784fb7d3ee91ff65f5f59db006b97c5a0d7a
SHA512: 9459cdc9c3774f9d25006172fbbe6fd2ffffdb792b4b0c1bf379579e5a8a258a5bd5c9cdb903ad8bef5c1b38760ea7ac098a760ab619654420c89c07e3b75c04
SSDEEP: 12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXHvxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWuMPB
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext