General
Target: bbb8a2fe38e9dd132a9010d40015c2910caa270894d8c851fd88bceaf3509f54
Size: 55KB
Sample: 221126-r57mpsef7x
MD5: 4d610c4ac5eaeb288497598cde2901d8
SHA1: 2d309956160033591b79f98d4064755671e280cc
SHA256: bbb8a2fe38e9dd132a9010d40015c2910caa270894d8c851fd88bceaf3509f54
SHA512: 61461115b77eb734e8c90ec7f667ff6fce47340d2aeb0c7cf854ea9836b03735036b20b2d5abdc8541cb1149e9a0b383afad0ea7d9da98d5d85c1cec3a3a8d0f
SSDEEP: 768:KI3BzmoSNuPtt1z1o9d6iQmZd2DXmyETbC81N+RpcnuJ:Ksdtt1Zo9d/QmZd2DXmjbC83+RWuJ
Behavioral task: behavioral1
Sample: bbb8a2fe38e9dd132a9010d40015c2910caa270894d8c851fd88bceaf3509f54.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: bbb8a2fe38e9dd132a9010d40015c2910caa270894d8c851fd88bceaf3509f54.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: njrat
Version: 0.7d
Botnet ID: HacKed
C2 (host:port): hoormoor.ddns.net:5552
Mutex: 7410f80c4836a29ed151653b2f1c1f47
reg_key: 7410f80c4836a29ed151653b2f1c1f47
splitter: |'|'|
Targets
Target: bbb8a2fe38e9dd132a9010d40015c2910caa270894d8c851fd88bceaf3509f54
Size: 55KB
MD5: 4d610c4ac5eaeb288497598cde2901d8
SHA1: 2d309956160033591b79f98d4064755671e280cc
SHA256: bbb8a2fe38e9dd132a9010d40015c2910caa270894d8c851fd88bceaf3509f54
SHA512: 61461115b77eb734e8c90ec7f667ff6fce47340d2aeb0c7cf854ea9836b03735036b20b2d5abdc8541cb1149e9a0b383afad0ea7d9da98d5d85c1cec3a3a8d0f
SSDEEP: 768:KI3BzmoSNuPtt1z1o9d6iQmZd2DXmyETbC81N+RpcnuJ:Ksdtt1Zo9d/QmZd2DXmjbC83+RWuJ
Score: 10/10

Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that abuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application