General
-
Target
6.exe
-
Size
816KB
-
Sample
230117-nn1ahsfa93
-
MD5
c913939da5213c631b70b06fa61eae28
-
SHA1
28d2f9a5f12be6d61b85f5a5d6187e01f0ae284c
-
SHA256
4b382c5497bb61b9cc4189101e9595a031f37db9fa712b61cdc4a60f59bff8b4
-
SHA512
271be8d2ed70e93b16ae7a68e72b93252b6e9164f53d286014e371e801a268d650f484e1a19c1afd85abbd68c8f4718c11dc0c2c19ca64e849434d10fb476e49
-
SSDEEP
12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gjwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maHN5RA
Static task
static1
Behavioral task
behavioral1
Sample
6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
6.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
xloader
2.5
euv4
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
oprimanumerodos.com
launchclik.com
customapronsnow.com
thecuratedpour.com
20dzwww.com
encludemedia.com
kreativevisibility.net
mehfeels.com
oecmgroup.com
alert78.info
1207rossmoyne.com
spbutoto.com
t1uba.com
protection-onepa.com
byausorsm26-plala.xyz
bestpleasure4u.com
allmnlenem.quest
mobilpartes.com
fabio.tools
bubu3cin.com
nathanmartinez.digital
shristiprintingplaces.com
silkyflawless.com
berylgrote.top
laidbackfurniture.store
leatherman-neal.com
uschargeport.com
the-pumps.com
deepootech.com
drimev.com
seo-art.agency
jasabacklinkweb20.com
tracynicolalamond.com
dandtglaziers.com
vulacils.com
bendyourtongue.com
gulfund.com
ahmadfaizlajis.com
595531.com
metavillagehub.com
librairie-adrienne.com
77777.store
gongwenbo.com
game2plays.com
rematedeldia.com
Targets
-
-
Target
6.exe
-
Size
816KB
-
MD5
c913939da5213c631b70b06fa61eae28
-
SHA1
28d2f9a5f12be6d61b85f5a5d6187e01f0ae284c
-
SHA256
4b382c5497bb61b9cc4189101e9595a031f37db9fa712b61cdc4a60f59bff8b4
-
SHA512
271be8d2ed70e93b16ae7a68e72b93252b6e9164f53d286014e371e801a268d650f484e1a19c1afd85abbd68c8f4718c11dc0c2c19ca64e849434d10fb476e49
-
SSDEEP
12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gjwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maHN5RA
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-