General
-
Target
New order list is attached.zip
-
Size
337KB
-
Sample
230227-pl7r9add6x
-
MD5
4ee76cd0a404fb7ab113093869b5ee4d
-
SHA1
ae26ecb6a4a47ccb7ca6218ab4e8271c02a67b16
-
SHA256
cfeb254bebf24f575377a2dc82e25f73b432facfad2c2f762a820ddc0e8f4028
-
SHA512
d1fce381c203354022b5fd9841c3705c65a2cff51f45d7a059a48a3d450861850de404b288f4620f5fef27ef8758f1a34418daf1162fc5e0fd93cc5072038d86
-
SSDEEP
6144:PM/5bLEQafhRVm3WBE5AdI/U5DtD4YyBNcXpcX46JM174D2PQPmGsYj8Yk:k/5b4Qaf83WW7U5DtDpXXa/O1PEsYj8F
Malware Config
Extracted
xloader
2.5
euv4
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
Targets
-
-
Target
New order list is attached.exe
-
Size
771KB
-
MD5
33669c543650acb45e9938e08dd7729f
-
SHA1
b631d13143deb4be68b52a6b01b3aebccbfa19af
-
SHA256
e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98
-
SHA512
788201bb639b24c726bc3e29fa25ebfa9ae5c5c2a1fd4509d187c413bdc415ff9c9a3c5e0fe60df9d5924b3af8004f665c09461967cbd109f084fda84b65b38d
-
SSDEEP
12288:Pr5Nxzs78p/cJCzQkgtr80XGjObPkOOFIiteSmF0Z/:PFvzs7bJWbgtopibPkOORm0
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Xloader
Xloader is a rebranded version of Formbook malware.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-