General
- Target: fffggdd.exe
- Size: 782KB
- Sample: 221128-rrkwsaed3w
- MD5: f20f55180ec2d3663e57a59c12b90888
- SHA1: f3b202975017b328605c703676d852d4248883b5
- SHA256: 267c00aebd4e485e7ecb00f9708c1ae7b8d2a7bef84ba980d0783abe3fed4b6f
- SHA512: c1844a38aee0e3491f46f25b3acc28cd0999c11032ebed26b9c54c882a5154bd4387ded1c0ece8b404b739ca1591ebdc6d6531281bcb77b4c7045928b0d70c43
- SSDEEP: 12288:9mHYsrAQMj7JP2cAmYOKe2ncjOQZgRDFHNFap4nruadYaeLw2Y:s4ZljB2tOUAOQZgZ1Hap4nya6RxY
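To put the hashes above to use, here is an added example (it is not part of the sandbox report or of its tooling) that hashes files in a single pass and compares them against the report's MD5, SHA1, SHA256 and SHA512 values. The REPORT_IOCS table holds exactly the values listed above; the function names and the directory-sweep behaviour are this example's own choices. The SSDEEP value is not compared because fuzzy matching needs the ssdeep library.

```python
import hashlib
import os

# Hashes of fffggdd.exe as listed in the General section of the report.
REPORT_IOCS = {
    "md5": "f20f55180ec2d3663e57a59c12b90888",
    "sha1": "f3b202975017b328605c703676d852d4248883b5",
    "sha256": "267c00aebd4e485e7ecb00f9708c1ae7b8d2a7bef84ba980d0783abe3fed4b6f",
    "sha512": "c1844a38aee0e3491f46f25b3acc28cd0999c11032ebed26b9c54c882a5154bd4387ded1c0ece8b404b739ca1591ebdc6d6531281bcb77b4c7045928b0d70c43",
}
ALGORITHMS = tuple(REPORT_IOCS)


def digest_stream(chunks):
    """Feed every chunk to all four hashers and return {algorithm: hexdigest}; data is read once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large files do not have to fit in memory."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_stream(chunks())


def match_iocs(digests, iocs):
    """Return the algorithm names whose computed digest equals the IOC value (hex case ignored)."""
    return {name for name, value in iocs.items() if digests.get(name, "").lower() == value.lower()}


def sweep(root, iocs=REPORT_IOCS):
    """Walk root and return [(path, matched_algorithms)] for files matching at least one IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the whole sweep
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    import sys
    for path, matched in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, sorted(matched))
```

A hit on any one algorithm identifies this exact file; a file that matched MD5 or SHA1 but not SHA256 would be a collision and deserves a closer look rather than dismissal. A repacked build of the same loader will match none of these hashes, so a hash sweep confirms presence of this sample but does not rule the family out.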
- Static task: static1
- Behavioral task: behavioral1 (sample: fffggdd.exe; resource: win7-20221111-en)
- Behavioral task: behavioral2 (sample: fffggdd.exe; resource: win10v2004-20221111-en)
Malware Config
Extracted
- Family: formbook
- Campaign ID: t3qw
- Encoded config strings (listed as extracted; not decoded on this page):
cmv2ztfryZrE+3A/E6XVJY/zH13snw==
znM2r24wvyjMBxCX
RH+7M2Ut6PYms2mB6ho=
ZlPRueq+YTIhbwootBU3h8T3H13snw==
cVz99xUsBqvFN6B45U9nio0=
BXU3DIrcdhs2gNyk+lCCIoY=
uzBaz3kYIIMfK6V0Mr9FnhdNPg==
8rOZ/v+7fprLI6NzR+6HJl7EH13snw==
Pr2Wev5P6jlqWCiehQ==
dbzaPc5eWb5zVCPsyrU/
IeLgUQI37HLkFgKO
4xt3Y4yVega6l2LuLk5aovIhhLU=
2QdkbxFB8tkDMkQEyqg1
X1OV8wH0+lwCBwvIciO7Ug==
lYIX+/YAFhbMBxCX
DoxOV/qIixyT+HME6yyvTw==
GAuVkyRmIgwqdeGgIVU3iY8=
VMPRWwSKoDLoqJJuQ3B8kZI=
SAy2t2O1YK0dvad741U3iY8=
OOLZqb+rGSobYw==
BP6KlsGwlrtVHv2LuMCmeZX1
JNnPIbb4mv+inWlIfIQs
i4q7JR4yRCpVjDrXkg==
7d1ZKi1DVjJW0WxEGcBkFXJdkb8=
NahiXwI247vhJ7KMpwquVg==
GUuifI9mMMd3YkgEyqg1
u64xBRXWoLdn3lzrlA==
lGMT+jE3LAL0LoZMwEG2TQ==
adTOQvF5fA7FZd1d3FU3iY8=
/LGF75n7qwdqWCiehQ==
pSZKpi9qOxrMBxCX
H4d//6AZHEEnHhmV
PXLj2/vIWeKTTxeSsqNntbghfTKSgPV8GA==
87y1CKHld806kQ7alA==
a6j+jLaDUF6B67iD19OmeZX1
BDnu2dfk/hxMTA/Niw==
ij31217h5DUh08Y=
tleGAKk0L4nvpKmcdknE29T9
KNyadIZrGSobYw==
+HZi64O1NMpx
2oVLG2r8sIV4
b2cT/URJK5hm
TLvPQfs/9NHzMoQD6yyvTw==
tessj41B14Al1cU=
fvOpegdiN8Y/+9xpkn8JGFR77BLu7vGMGw==
6DdbojapWcBs
OzlpwsiedM46wr17nn0lfvEhJg==
npfZQ/iFlvyfjjXirA0=
14djR8UBxGDMBxCX
w61MS3ttGSobYw==
tIeVD7A+M370sXFtmYgo
P3fa1gYE+CK5cELcHiweOIfs
7TdS87b3eVyEjDrXkg==
S8+Rae1YZHvNScdT3FU3iY8=
hYDFA5EaC2jMBxCX
bi0zjB+moP6gpa42NPlxkJfR6d6SgPV8GA==
P3DCHSDkoLle18c=
zD81ny59PDooXs5e4VU3iY8=
szhcykfHqbXqa0QPeL/ojdg0YByIgPV8GA==
69dJPcsKwJWs6TGnNsWCm5Y=
q5ISFURIL7InoeUp6yyvTw==
Ob6BVcsfwhO0s7UrC64+nhdNPg==
Rnvty9PbBhc/kcyR1gs9TJ0AGuiC
8Bt0U2Iw+Yo0OUEEyqg1
- C2 domain: thestillout.com
Targets
- fffggdd.exe, 782KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (an API commonly used to point a suspended thread at injected code)
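The last two signatures are behaviours that an API trace makes visible: a value written under a Run key, and SetThreadContext called on a child process that the caller created suspended and wrote into. As an added example, which is neither the sandbox's own detection code nor its trace of this sample, the following parses a constructed sandbox-style trace and raises both signatures. The line format, the field names (target_pid, dwProcessId, tid) and the assumption that the sandbox has already resolved handles to process ids are all invented for the example.

```python
import re
from collections import defaultdict

# Constructed, sandbox-style API trace: "<pid> <api> key=value ...". Handle arguments are assumed
# to be pre-resolved to process ids (target_pid). These lines are invented for this example and
# are not the real trace of fffggdd.exe.
SAMPLE_TRACE = r"""
1400 CreateProcessW lpApplicationName="C:\Users\user\AppData\Local\Temp\fffggdd.exe" dwCreationFlags=0x4 dwProcessId=1520
1400 WriteProcessMemory target_pid=1520 lpBaseAddress=0x400000 nSize=0x6c000
1400 SetThreadContext target_pid=1520 tid=1524
1400 ResumeThread target_pid=1520 tid=1524
1400 RegSetValueExW hKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" lpValueName="fffggdd" lpData="C:\Users\user\AppData\Local\Temp\fffggdd.exe"
2200 RegSetValueExW hKey="HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" lpValueName="Hidden" lpData="1"
3100 SetThreadContext target_pid=3100 tid=3108
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?$", re.IGNORECASE)
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit that starts the primary thread suspended


def parse_trace(text):
    """Turn trace lines into dicts: {'pid': int, 'api': str, 'args': {name: value}}."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        args = {name: quoted or bare for name, quoted, bare in ARG_RE.findall(m.group("args"))}
        events.append({"pid": int(m.group("pid")), "api": m.group("api"), "args": args})
    return events


def detect(events):
    """Correlate events per calling process and return a list of signature findings."""
    findings = []
    suspended = defaultdict(set)  # caller pid -> child pids it created with CREATE_SUSPENDED
    written = defaultdict(set)    # caller pid -> suspended children whose memory it overwrote
    for ev in events:
        pid, api, a = ev["pid"], ev["api"], ev["args"]
        if api.startswith("CreateProcess"):
            flags = int(a.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and "dwProcessId" in a:
                suspended[pid].add(int(a["dwProcessId"]))
        elif api == "WriteProcessMemory":
            target = int(a.get("target_pid", "0"))
            if target in suspended[pid]:
                written[pid].add(target)
        elif api == "SetThreadContext":
            target = int(a.get("target_pid", "0"))
            if target in suspended[pid]:  # context rewrite of a thread the caller started suspended
                findings.append({
                    "signature": "Suspicious use of SetThreadContext",
                    "pid": pid,
                    "target_pid": target,
                    "memory_written_first": target in written[pid],
                })
        elif api.startswith("RegSetValueEx"):
            if RUN_KEY_RE.search(a.get("hKey", "")):
                findings.append({
                    "signature": "Adds Run key to start application",
                    "pid": pid,
                    "key": a["hKey"],
                    "value_name": a.get("lpValueName", ""),
                    "data": a.get("lpData", ""),
                })
    return findings


if __name__ == "__main__":
    for finding in detect(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

The SetThreadContext rule deliberately requires the target to be a child the same process created suspended; the lone call by pid 3100 in the constructed trace is not flagged, which keeps debuggers and other legitimate callers out of the results. The memory_written_first field records whether WriteProcessMemory preceded the context change, the detail that separates plain thread manipulation from a hollowing-style injection.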