General
Target: U prilogu je nova narudzba_1.zip
Size: 399KB
Sample: 230405-wzw18sag5v
MD5: 236d63b46907ea78177b2dec4aa204c6
SHA1: 39d9d39294eb320610e9007d7f3ed05ed4a79c90
SHA256: 7e9791f9b689b63f46ac6c7565b6b805616f22cde83f042607aae4e1989182d6
SHA512: 922a4354911a149af97c1b17e334b66b1e78e7e75ecb384d25a1c9601325a0b7492f6a293785abe3d71eaa10f04c00f976725432efc40940ca887d3d93f5223e
SSDEEP: 6144:VM3Uw5Yai+KgaeQIs4H9JbGv48CoVmBwsBRxE2ffpKOF1O0p3TRe7mVqqj0vHxuB:i3Uvai+FE/6rCv48NmXBfZDScPwwgs
Static task: static1
Behavioral task: behavioral1
  Sample: U prilogu je nova narudzba.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: U prilogu je nova narudzba.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: xloader 2.5 (euv4)
Targets
Target: U prilogu je nova narudzba.exe
Size: 816KB
MD5: 5187c06ca968411e249402ac5340da8a
SHA1: ed941f029055524b3062fc3b8c6a9f1931fbe805
SHA256: a6cc6af418510edc207b3468d29e80afecce2aa47a683b02bc0da39c60505801
SHA512: 73a73daa3b84c6fdbac8319939e9cfd259648066f2892869784aaf9fb21ce4b8299221c0adb3be53500a4dfb292d15564bb7cdc6f8ca091efac6b54f9fa61eb6
SSDEEP: 12288:AkqyglaEq3vgPIzZpurCqayn2zetLP+L2/WXwCuiYlvLFB7u/GFI3dSq0j:AkCAYIzZpurCqaZ8/EwC/YFJgdS/j
Score: 10/10
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Xloader payload
- Adds Run key to start application
- Suspicious use of SetThreadContext