General

Target: fsnsef.exe
Size: 816KB
Sample: 230117-m9n9psah6t
MD5: 94fbb97bc63d2a6783ca27b10e997983
SHA1: 184554edeb2c4e45a03855fd708907c031c4e16f
SHA256: 6c0a67f2ab277962eec22ba75349ccfdf630eb3375b930a2fb852c932abce8e6
SHA512: ce4979b0ea1d29dbc22b46809bf90a93f2ddb26eae6bb09e78ea5194be9ce6821c9b496d4955dd000167ba77e0867e3639b64c52ab24be4f3d121f5422379382
SSDEEP: 12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gjwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maHN5RA
Static task: static1

Behavioral task: behavioral1
  Sample: fsnsef.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: fsnsef.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: netwire

C2 hosts:
  swisssouth.ddns.net:6655
  sinzu2.ddns.net:6655
  talaban.ddns.net:6655
  sinzu1.ddns.net:6655
  sinzu3.ddns.net:6655
  sinzu5.ddns.net:6655

Configuration:
  activex_autorun: false
  copy_executable: false
  delete_original: false
  host_id: ZZZZZZ
  lock_executable: false
  offline_keylogger: false
  password: 5522
  registry_autorun: false
  use_mutex: false
Targets

Target: fsnsef.exe
Signatures:
  ModiLoader, DBatLoader
    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  NetWire RAT payload
  ModiLoader Second Stage
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application