Analysis
-
max time kernel
178s -
max time network
196s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
29-11-2022 19:45
Static task
static1
Behavioral task
behavioral1
Sample
era 1.exe
Resource
win7-20221111-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
era 1.exe
Resource
win10v2004-20221111-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
era 1.exe
-
Size
862KB
-
MD5
84bf18cdc14d7e2c5311ff6cd071a0dc
-
SHA1
a784ef5651e7e1530d4e77ab9f7f3507b51d9e67
-
SHA256
f53107b892a50e33ff130e01cf391a2b69524dbe09b75cc13192365bbd6eda11
-
SHA512
97434045c4c0c4d82296c668ec01a8ae31a9eee9bfba7db6f2d314f1574d3ee950b6a7566a0faa313a1e396541dff76be4cedac8d96bd342ed8783d1f7dc4c0d
-
SSDEEP
12288:fSj5lclcaywFMtTPWQOQSJU3FtJlpCBIUQZC8fRuHT6Kk/RqIkr:fSVKFp6rfn/VXPCyE8fMuqI
Score
10/10
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
Processes:
resource yara_rule behavioral2/memory/4072-132-0x0000000002430000-0x000000000245B000-memory.dmp modiloader_stage2