General

Target: 8612371270.zip
Size: 408KB
Sample: 221222-ejnw9adh23
MD5: 0d90014f668e4f4671ed1e399c690beb
SHA1: 4abf5c5c94c09d91cddbd8e949337de784471f2f
SHA256: 152b5d1f1256520bb2bda2d013afe47417e23cd2f162751c406908b5705df3c7
SHA512: 0002d6f37786b99ed357712ceec1b858f7fba5aabd5ef0d434c4505e499d2c3f2e6c891d5d7beed305390970523d939056553b4378348f6affacb13764da02dc
SSDEEP: 12288:C22OI6G+gm5yxgUWr7hM3CTRJTCsCnKIO4b28KhF:C4IwgNWUW+eXWtzz29F
Static task: static1

Behavioral task: behavioral1
Sample: 1ba301a26579a8c36ff3751744e7a53489abf4b424732b6b80eb1ae83ec067a6.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 1ba301a26579a8c36ff3751744e7a53489abf4b424732b6b80eb1ae83ec067a6.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted family: netwire
C2 hosts:
- emberluck.duckdns.org:3360
- ogcmaw.duckdns.org:3360

Configuration:
- activex_autorun: false
- copy_executable: false
- delete_original: false
- host_id: NET 10
- lock_executable: false
- offline_keylogger: false
- password: Password
- registry_autorun: false
- use_mutex: false
Targets

Target: 1ba301a26579a8c36ff3751744e7a53489abf4b424732b6b80eb1ae83ec067a6
Size: 846KB
MD5: e89cfc63f6db02cc2fd01169e0e4149f
SHA1: c4ab42d9637dff02f41184d0533a301faea9dacc
SHA256: 1ba301a26579a8c36ff3751744e7a53489abf4b424732b6b80eb1ae83ec067a6
SHA512: dd48b129b16647e66ba67995e7478d4cff10f0049c47b48048b901ef687a1b87d9da3e2fa8c79f3f93ae84433ca1b3aeb0bef56298eb8dee8cec720eeccd34ac
SSDEEP: 12288:4a3q8ndtbo7kw1kO+7cN2xcIvzGcv1vZunhgJuIpTf/c1Ny:4aXd3wv7CcHegPIpjcf

Signatures:
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- NetWire RAT payload
- ModiLoader Second Stage
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application