Analysis
-
max time kernel
131s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
26-11-2022 01:30
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.SuspectCrc.23812.23342.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.SuspectCrc.23812.23342.exe
Resource
win10v2004-20220812-en
General
-
Target
SecuriteInfo.com.Win32.SuspectCrc.23812.23342.exe
-
Size
634KB
-
MD5
b48fbd453403d09c8eaf4b617ebeebcd
-
SHA1
6567212fac086e07777de8fb30807315fea3aeac
-
SHA256
4ef967caea627a1b9cd7f74d31584b69d76f8c532cee528e8815c4f70ae24aa7
-
SHA512
343ea575ceebfb1b7e61ad527902f860c9431c83ed3231112a02495ec83f24215ffdfb4a09f4d2d3ea050bb176e9fc3f37535ba5dd4744ff973bcc529d87216d
-
SSDEEP
12288:zytjRg5fcPrlI7o1wWGKSoLPS8jY199t9OxOm4pMn:utWcPpI7oOKlLPfY9DwxOvpMn
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1168-55-0x0000000000260000-0x000000000028B000-memory.dmp modiloader_stage2