General

Target: Swift Payment Copy .xla.exe
Size: 793KB
Sample: 221123-lmma6afb7s
MD5: 1721e78ab207e52b366bf7a7723a656b
SHA1: d2cbaf931dc21807ae5f3ac477810f7f537d444e
SHA256: 85465b3e86e0e4a460fcf28729773f52de6777db71890ead00e4bee867a3e3ec
SHA512: c03920bed87494876f7683ae7081c8977b90165e0645fe5b410dff13be305a61e60fef698972019a57074d7c9a2aa4ca0cf2089f66c323e70aaff73ee1a60510
SSDEEP: 12288:VV2cbnbazcd5JluSVVvkYhrN+kZt+kXPqTdTB2O4rwSMpxwhxStY:V4cnOcd53uSVVJRskZQWq5oOqLM2xS+
Static task: static1

Behavioral task: behavioral1
Sample: Swift Payment Copy .xla.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Swift Payment Copy .xla.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21815&authkey=AO1B_84jlgMTl9c
Targets

Target: Swift Payment Copy .xla.exe
Score: 10/10

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Blocklisted process makes network request