Analysis
max time kernel
144s
max time network
153s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
16-02-2023 15:38
Static task
static1
Behavioral task
behavioral1
Sample
Order confirmation proforma Invoice.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Order confirmation proforma Invoice.exe
Resource
win10v2004-20221111-en
General
Target
Order confirmation proforma Invoice.exe
Size
884KB
MD5
083de0a909532eb3348578a7beb95bca
SHA1
29e83783b3fe5a4e483dec157141f066a6af7026
SHA256
fdff6b98ec2be3abdd05531d36bc50d514d449dc6f753fb6aa8d4657e5669828
SHA512
5c599d3d780886f2b259fd457c976833a6fb3b48e870fda1a58271637cfeda6cbaeae5a2fbb6308496477d6e6fffd9e6f910860b6dda8e7f44c880fd97a3a932
SSDEEP
12288:Cb8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglR:C4ZzML0gN5WXFaK9GoEHf1nAhglR
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud file-hosting services to fetch and deliver other malware families. The rule below matched a memory dump, not the file on disk, which indicates the second stage was unpacked in memory by the running sample.
ModiLoader Second Stage: 1 IoC
Processes:
resource | yara_rule
behavioral1/memory/884-55-0x0000000000370000-0x000000000039C000-memory.dmp | modiloader_stage2
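The two things an analyst typically does with a report like this are (a) confirm that the file in hand is the same sample by recomputing its hashes, and (b) turn the memory-dump IoC into a process ID and a virtual-address range that can be correlated with other artefacts (other dumps, a debugger session, a full memory image). The helper below is an added example, not part of the sandbox report or of any sandbox vendor's tooling. It assumes the dump file name follows the pattern `<pid>-<sequence>-<start>-<end>-memory.dmp` under `<task>/memory/`; the meaning of the second numeric field is an assumption, and so is the reading of 884 as the PID of the sample process. The report's own MD5/SHA1/SHA256 values are embedded as constants; the `b"abc"` input used in the usage section is constructed test data, not the sample.

```python
"""Helpers for the artefacts in a sandbox report: hash verification and
memory-dump IoC parsing.  Added example; assumptions are marked inline."""
import hashlib
import re
import sys
from dataclasses import dataclass

# Hashes exactly as printed in the report's General section.
REPORT_HASHES = {
    "md5": "083de0a909532eb3348578a7beb95bca",
    "sha1": "29e83783b3fe5a4e483dec157141f066a6af7026",
    "sha256": "fdff6b98ec2be3abdd05531d36bc50d514d449dc6f753fb6aa8d4657e5669828",
}

# The IoC line from the report's Signatures section (path and YARA rule name).
IOC_LINE = ("behavioral1/memory/884-55-0x0000000000370000-0x000000000039C000-memory.dmp "
            "modiloader_stage2")

# ASSUMPTION: dump names are <pid>-<seq>-<start>-<end>-memory.dmp under <task>/memory/.
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests for the algorithms listed in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare the computed digests with the expected ones (case-insensitive).

    Returns {algorithm: bool}; every value must be True for the file to be
    the sample the report describes.  Checking all three guards against a
    typo or a truncated hash in any single column."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


@dataclass(frozen=True)
class MemoryDumpRef:
    """A parsed memory-dump IoC: which task/process it came from, the
    virtual-address range that was dumped, and the rule that matched."""
    task: str
    pid: int      # ASSUMPTION: first numeric field is the process ID
    seq: int      # ASSUMPTION: second numeric field is a dump sequence number
    start: int
    end: int      # exclusive
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, va: int) -> bool:
        """True if a virtual address falls inside the dumped region."""
        return self.start <= va < self.end


def parse_ioc_line(line: str) -> MemoryDumpRef:
    """Parse one 'resource yara_rule' row into a MemoryDumpRef."""
    parts = line.split()
    if len(parts) != 2:
        raise ValueError(f"expected '<path> <rule>', got: {line!r}")
    path, rule = parts
    m = DUMP_RE.match(path)
    if m is None:
        raise ValueError(f"dump path does not match expected pattern: {path!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError("dump region end must be greater than start")
    return MemoryDumpRef(m["task"], int(m["pid"]), int(m["seq"]), start, end, rule)


if __name__ == "__main__":
    ref = parse_ioc_line(IOC_LINE)
    print(f"{ref.rule}: task={ref.task} pid={ref.pid} "
          f"region=0x{ref.start:X}-0x{ref.end:X} ({ref.size} bytes)")
    if len(sys.argv) > 1:  # optional: python thisfile.py <path-to-sample>
        with open(sys.argv[1], "rb") as fh:
            print(verify_sample(fh.read()))
```

Run it with the sample path as the only argument to get a per-algorithm match dictionary; without an argument it just decodes the IoC line. The dumped region is 0x2C000 (180224) bytes, which is the size of the unpacked second stage a YARA scan of a live process should be pointed at.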