General
Target: SecuriteInfo.com.Win32.DropperX-gen.15655.570.exe
Size: 719KB
Sample: 221124-rvpzxadh4v
MD5: 05f703e7a42a6c540c9d5c815eb17f88
SHA1: 2fc5a59e412216cba76eb7fa122478bec8c2d125
SHA256: 0fd7b17afcfaa921522141380792c3105ec20547c795a21c2eb0810c82e7e5e2
SHA512: 8f7eca2be01bb273b7e18644b02d9358725baf3bd1d51919899226ac8e1a7b8050d018f0af72341eb4aa092150537f151f303513c92305d1dc44e5741bd1c6b0
SSDEEP: 12288:HbAOmbLGin3WhvyX2GahiJ9//4BsEOeNOVOYPmMi0fq1r:HbPsLV3WhKX2GF///MsEfAVOKmMi0fM
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.DropperX-gen.15655.570.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.DropperX-gen.15655.570.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted family: formbook
t3qw
thestillout.com
Targets
Target: SecuriteInfo.com.Win32.DropperX-gen.15655.570.exe
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext