General
-
Target
SecuriteInfo.com.Win32.Trojan-gen.31819.28757
-
Size
733KB
-
Sample
221129-lnjawsah9t
-
MD5
f536ea8fb5b6586bb2ffc764cd52abff
-
SHA1
313804060f2511b8382d369a3949d5524c1adaef
-
SHA256
e539f80082f961c600e6ff2a21e969d0641aa787831259d3fdd772b28d469721
-
SHA512
873e0a7174be40db35f8e8f06fd7ffaf340128e7ee6ec09f691ca8857aac9b1f4c5d6cdb76841858ef4e52b2fa5a4a9a18588221567626fe1474b8b101cef8ea
-
SSDEEP
12288:i1qMhtVLzLypCggIh36+O9dvjpQVeri442qKk/RqIkr:WFhHzmQgn6+8T/r7PaqI
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.Trojan-gen.31819.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.Trojan-gen.31819.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
nvp4
EiywrQNofDNveWY1IESoBA==
yqEWFGRfErX7ICQCwyQ+YeLXtaA=
Ers0rc50nbjso0jbdZTmBw==
XQxVP45+F5OZn3ZBTC7MLe1OF3G5c5uK9A==
RHh4uwtsttjzlxy+eW3+
W+xQshfnvmF5n5x2d+cEVdBNIkQRHRE=
FwlyiuXNX0+Trw==
euLn91on/7DeDe++zbQ4YeLXtaA=
td4cO8m3HDRWtl8p7Q==
ZrlyAAPqc3GXI5k=
OM0IisKOI78FJC/IuIxxAu5nRg==
d6A0QJ6PV+AOpyK+eW3+
+EgxFWUu3Ulatl8p7Q==
GC/stck1ILXn+cWZx7w8W6rPFmO6c5uK9A==
hhIiK4+CKEOfB4tr
mA1pyQ85ye8N
4xgWYcEpEoidv8eXKNncAQ==
L+hOVbe+IWyc8oVUclc=
J7EGaJ+L+wKLXUYg7w==
L5R/nfdgQdMHD+TUKw1Zo3Hb
E4z2kWG/vE6yt5E=
+efGEVp82EycSL2U4cpFU2an/aM5SDuF
6zA2kAqIdAQKkve6y7RjtRBf+i8Nvw==
VRqXzvXLVF+hS9arybBihGeOTaKP
PgKByBDCpL4cd9+yO52n/xZmQZeF
pMit5lre4GVyi3xcfywQY58=
F/vD9x4Oz0RWtl8p7Q==
hvZhvTgp/H7Lm2RNdl0=
h/xWhNLDOEpSZUTmIguoBA==
o8qw6kCdiDV4kn1FMZ6et06V+dCQZEmG
bgMOGYox8vMQ
YmFKj+ZWVRBcep49cl0=
Wox2hOnIRnGp3s2RMZ9Zo3Hb
eeTk5zCrpCpSyntTeF0=
FOA7J3NsxuomwEARYVLNU1TR
yuLXKrWb72SKrA==
K6T6LoiKKwZrHY5i
B8UkEkol7nBvrLeOjSwQY58=
GwvWc8gVAk6yt5E=
4IboPYD24Hqi5mxf+g==
L4XQI2A00QtXxxi+eW3+
doMqp/ZMkE6yt5E=
1ebXKoTs0GSYqMZZc1U=
CYnoUKIiG5vI4/HHLNXpCw==
P/FwuirU0FeJxseeKNncAQ==
N21GaMlCYhFbtl8p7Q==
KY95j+NDjk6yt5E=
C/rJL7ACO0yfB4tr
z6QDKYo85+nxAx+zmTgBLYY=
IPBjddXCgzlvd2Y/C3KaMomhUQ==
KNsyKXJjN+wYPi8OLgNZo3Hb
kht0meHAHPpzqQ==
Rm5BMnxa1/s/yxq2wSJcfpc=
+Tn9l2Ax8vMQ
rwkQV4ruG7v1/s+ZKNncAQ==
7+RhcuhVYBpggr5YZUw=
YRaX4klS4xWfB4tr
YIZ5wgZjYOsslloz9A==
+SAdmP/smDZ6oKF4GxNZo3Hb
mSIWBEa/uz9JSodz
PGc0UrsbRk1LwHVWOp+9CQ==
DnJQctQ5jE6yt5E=
gYmlw+nLOxtYl4k=
eRJtqhQDH3KQsg==
brainbookgroup.com
Targets
-
-
Target
SecuriteInfo.com.Win32.Trojan-gen.31819.28757
-
Size
733KB
-
MD5
f536ea8fb5b6586bb2ffc764cd52abff
-
SHA1
313804060f2511b8382d369a3949d5524c1adaef
-
SHA256
e539f80082f961c600e6ff2a21e969d0641aa787831259d3fdd772b28d469721
-
SHA512
873e0a7174be40db35f8e8f06fd7ffaf340128e7ee6ec09f691ca8857aac9b1f4c5d6cdb76841858ef4e52b2fa5a4a9a18588221567626fe1474b8b101cef8ea
-
SSDEEP
12288:i1qMhtVLzLypCggIh36+O9dvjpQVeri442qKk/RqIkr:WFhHzmQgn6+8T/r7PaqI
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-