General
-
Target
4ee76cd0a404fb7ab113093869b5ee4d.bin
-
Size
336KB
-
Sample
230301-bpbx4aea36
-
MD5
4e71670e43529b7330b0f186cace33f4
-
SHA1
a7b71d03a8250e208c9e446ae8a09b7f6b512067
-
SHA256
58b702835f6d808073321a551b3f1ddf608628ee525710286396703650c4b1ef
-
SHA512
97b8379b0bc1130465c17ace419d2e51914cf3f8de7b6dd89c8b228a808c39ff8488c9c900a08bede2a3157e3772f10c5e3a94e52b0f6655bd1fb2965179f73a
-
SSDEEP
6144:Hxzvjoev2IsEWuJLaIsV/2s9WwN0t2Y1lSD+6NPIiv/Rn/DRpU/ZjTI2B56m:pboevFaIsVeeWz1lSD+69IitUhTI2n
Static task
static1
Behavioral task
behavioral1
Sample
New order list is attached.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
New order list is attached.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
xloader
2.5
euv4
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
oprimanumerodos.com
launchclik.com
customapronsnow.com
thecuratedpour.com
20dzwww.com
encludemedia.com
kreativevisibility.net
mehfeels.com
oecmgroup.com
alert78.info
1207rossmoyne.com
spbutoto.com
t1uba.com
protection-onepa.com
byausorsm26-plala.xyz
bestpleasure4u.com
allmnlenem.quest
mobilpartes.com
fabio.tools
bubu3cin.com
nathanmartinez.digital
shristiprintingplaces.com
silkyflawless.com
berylgrote.top
laidbackfurniture.store
leatherman-neal.com
uschargeport.com
the-pumps.com
deepootech.com
drimev.com
seo-art.agency
jasabacklinkweb20.com
tracynicolalamond.com
dandtglaziers.com
vulacils.com
bendyourtongue.com
gulfund.com
ahmadfaizlajis.com
595531.com
metavillagehub.com
librairie-adrienne.com
77777.store
gongwenbo.com
game2plays.com
rematedeldia.com
Targets
-
-
Target
New order list is attached.exe
-
Size
771KB
-
MD5
33669c543650acb45e9938e08dd7729f
-
SHA1
b631d13143deb4be68b52a6b01b3aebccbfa19af
-
SHA256
e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98
-
SHA512
788201bb639b24c726bc3e29fa25ebfa9ae5c5c2a1fd4509d187c413bdc415ff9c9a3c5e0fe60df9d5924b3af8004f665c09461967cbd109f084fda84b65b38d
-
SSDEEP
12288:Pr5Nxzs78p/cJCzQkgtr80XGjObPkOOFIiteSmF0Z/:PFvzs7bJWbgtopibPkOORm0
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-