General
-
Target
SecuriteInfo.com.Trojan.GenericFCA.Agent.65764.24444.1923.exe
-
Size
734KB
-
Sample
230109-r1ageaee85
-
MD5
e6ae773a4817b46739418358b30325c0
-
SHA1
e8360791e345c75a15c7e7feaa4884441d4a9db2
-
SHA256
8bcf46ad691c82dc43513e12486bd798277cc7a4bd14de0b7c829e4e3ad2f730
-
SHA512
35c8478c458635adf19886266eb06c3d843dfc20f942b55555861cff00594a7a1a0acb2dd8efa1f93fcfa0808eba8f8d99e02352592107d20c8ad05e2ebc01b2
-
SSDEEP
12288:n437Oofhfv77Kz6Vk1z3TDeo9aqIwF4x8vazsAyNBt:nqLhvKJXeo9fH0tzOt
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.GenericFCA.Agent.65764.24444.1923.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.GenericFCA.Agent.65764.24444.1923.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
xloader
2.5
euv4
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
oprimanumerodos.com
launchclik.com
customapronsnow.com
thecuratedpour.com
20dzwww.com
encludemedia.com
kreativevisibility.net
mehfeels.com
oecmgroup.com
alert78.info
1207rossmoyne.com
spbutoto.com
t1uba.com
protection-onepa.com
byausorsm26-plala.xyz
bestpleasure4u.com
allmnlenem.quest
mobilpartes.com
fabio.tools
bubu3cin.com
nathanmartinez.digital
shristiprintingplaces.com
silkyflawless.com
berylgrote.top
laidbackfurniture.store
leatherman-neal.com
uschargeport.com
the-pumps.com
deepootech.com
drimev.com
seo-art.agency
jasabacklinkweb20.com
tracynicolalamond.com
dandtglaziers.com
vulacils.com
bendyourtongue.com
gulfund.com
ahmadfaizlajis.com
595531.com
metavillagehub.com
librairie-adrienne.com
77777.store
gongwenbo.com
game2plays.com
rematedeldia.com
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericFCA.Agent.65764.24444.1923.exe
-
Size
734KB
-
MD5
e6ae773a4817b46739418358b30325c0
-
SHA1
e8360791e345c75a15c7e7feaa4884441d4a9db2
-
SHA256
8bcf46ad691c82dc43513e12486bd798277cc7a4bd14de0b7c829e4e3ad2f730
-
SHA512
35c8478c458635adf19886266eb06c3d843dfc20f942b55555861cff00594a7a1a0acb2dd8efa1f93fcfa0808eba8f8d99e02352592107d20c8ad05e2ebc01b2
-
SSDEEP
12288:n437Oofhfv77Kz6Vk1z3TDeo9aqIwF4x8vazsAyNBt:nqLhvKJXeo9fH0tzOt
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-