General
Target: Popis gostiju u prilogu.zip (Croatian: "Guest list in the attachment")
Size: 366KB
Sample: 230413-m3d56acc6t
MD5: a19fcdf578496d0ee9984b1edfc63053
SHA1: 02807dfc49b5c484e7486315765ac9380b7c87e7
SHA256: 2aa5d77dc9e220153a64d43e3ef344f140c3e85a0d69663c8c38c2a8d3fb96dc
SHA512: 73aaed9446761e6ee96c8b26acf7385da6be957776096eb54f40c5b16bc93014a738b7559f7cda80c9c2a03a78e41bbe87dd6c03b2a140ce905ee05402fb7e11
SSDEEP: 6144:hpiR/rKO4+UBiFMy80XNSNKb6suZlIaPOrB6F8rf40ujRqSDizn6:hO+KUB+v8wjG1saPmBg0ujRqSWu
Static task: static1
Behavioral task: behavioral1
Sample: Popis gostiju u prilogu.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Popis gostiju u prilogu.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: euv4
Decoy/C2 domains (Xloader embeds a list of domains of which only one is the live C2; the rest are decoys, and the bot beacons to a subset of the list on each run):
anniebapartments.com
hagenbicycles.com
herbalist101.com
southerncorrosion.net
kuechenpruefer.com
tajniezdrzi.quest
segurofunerarioar.com
boardsandbeamsdecor.com
alifdanismanlik.com
pkem.top
mddc.clinic
handejqr.com
crux-at.com
awp.email
hugsforbubbs.com
cielotherepy.com
turkcuyuz.com
teamidc.com
lankasirinspa.com
68135.online
oprimanumerodos.com
launchclik.com
customapronsnow.com
thecuratedpour.com
20dzwww.com
encludemedia.com
kreativevisibility.net
mehfeels.com
oecmgroup.com
alert78.info
1207rossmoyne.com
spbutoto.com
t1uba.com
protection-onepa.com
byausorsm26-plala.xyz
bestpleasure4u.com
allmnlenem.quest
mobilpartes.com
fabio.tools
bubu3cin.com
nathanmartinez.digital
shristiprintingplaces.com
silkyflawless.com
berylgrote.top
laidbackfurniture.store
leatherman-neal.com
uschargeport.com
the-pumps.com
deepootech.com
drimev.com
seo-art.agency
jasabacklinkweb20.com
tracynicolalamond.com
dandtglaziers.com
vulacils.com
bendyourtongue.com
gulfund.com
ahmadfaizlajis.com
595531.com
metavillagehub.com
librairie-adrienne.com
77777.store
gongwenbo.com
game2plays.com
rematedeldia.com
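Because Xloader mixes its real C2 into a list of decoys, the practical defensive use of the extracted config is to alert on DNS or proxy traffic to any domain in the list and then triage the host. The script below is an added example for this report, not code from the sandbox or from the malware; it embeds the 65 domains above, parses constructed log lines in an assumed "timestamp client-ip queried-name" format, matches on label boundaries (so a subdomain of a listed domain matches but a look-alike such as notpkem.top does not), and counts distinct indicators per client. Note that decoy entries in Xloader configs are frequently real, uninvolved websites, so a single hit warrants investigation rather than an automatic block.

```python
import re
from typing import Dict, Iterable, List, Optional, Set

# Decoy/C2 domains from the Xloader 2.5 (campaign euv4) config extracted above.
# Only one is the live C2, but the bot contacts several per run, so all are IOCs.
XLOADER_DOMAINS: Set[str] = {
    "anniebapartments.com", "hagenbicycles.com", "herbalist101.com", "southerncorrosion.net",
    "kuechenpruefer.com", "tajniezdrzi.quest", "segurofunerarioar.com", "boardsandbeamsdecor.com",
    "alifdanismanlik.com", "pkem.top", "mddc.clinic", "handejqr.com",
    "crux-at.com", "awp.email", "hugsforbubbs.com", "cielotherepy.com",
    "turkcuyuz.com", "teamidc.com", "lankasirinspa.com", "68135.online",
    "oprimanumerodos.com", "launchclik.com", "customapronsnow.com", "thecuratedpour.com",
    "20dzwww.com", "encludemedia.com", "kreativevisibility.net", "mehfeels.com",
    "oecmgroup.com", "alert78.info", "1207rossmoyne.com", "spbutoto.com",
    "t1uba.com", "protection-onepa.com", "byausorsm26-plala.xyz", "bestpleasure4u.com",
    "allmnlenem.quest", "mobilpartes.com", "fabio.tools", "bubu3cin.com",
    "nathanmartinez.digital", "shristiprintingplaces.com", "silkyflawless.com", "berylgrote.top",
    "laidbackfurniture.store", "leatherman-neal.com", "uschargeport.com", "the-pumps.com",
    "deepootech.com", "drimev.com", "seo-art.agency", "jasabacklinkweb20.com",
    "tracynicolalamond.com", "dandtglaziers.com", "vulacils.com", "bendyourtongue.com",
    "gulfund.com", "ahmadfaizlajis.com", "595531.com", "metavillagehub.com",
    "librairie-adrienne.com", "77777.store", "gongwenbo.com", "game2plays.com",
    "rematedeldia.com",
}

# Assumed log format for this example: "<timestamp> <client-ip> <queried-name>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s*$")


def normalize(name: str) -> str:
    """Lower-case the name and strip the trailing dot resolvers add to FQDNs."""
    return name.strip().rstrip(".").lower()


def ioc_match(qname: str, iocs: Set[str] = XLOADER_DOMAINS) -> Optional[str]:
    """Return the listed domain that qname equals or is a subdomain of, else None.

    Matching walks label boundaries, so 'notpkem.top' does not match 'pkem.top'.
    """
    labels = normalize(qname).split(".")
    # Walk from the full name down to its two-label suffix; never test a bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse log lines and return one hit per query that matches an IOC domain."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        ioc = ioc_match(m["qname"])
        if ioc:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": normalize(m["qname"]), "ioc": ioc})
    return hits


def hosts_by_ioc_count(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count distinct matched domains per client; a host touching several stands out."""
    per_host: Dict[str, Set[str]] = {}
    for h in hits:
        per_host.setdefault(h["client"], set()).add(h["ioc"])
    return {client: len(iocs) for client, iocs in per_host.items()}


# Constructed sample log (not real telemetry): three listed domains, two benign
# names, one malformed line. Mixed case and a trailing dot exercise normalization.
SAMPLE_LOG = """\
2023-04-13T10:02:11Z 10.0.0.23 www.pkem.top.
2023-04-13T10:02:12Z 10.0.0.23 ocsp.digicert.com
2023-04-13T10:02:15Z 10.0.0.23 MDDC.CLINIC
2023-04-13T10:02:19Z 10.0.0.41 mail.example.org
2023-04-13T10:02:22Z 10.0.0.23 api.tajniezdrzi.quest
not a log line
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"{h['ts']} {h['client']} queried {h['qname']} (IOC: {h['ioc']})")
    print("distinct IOCs per host:", hosts_by_ioc_count(found))
```

Run against real resolver or proxy logs by replacing SAMPLE_LOG with the file contents and adjusting LOG_RE to the actual field layout; a host that resolves several distinct listed domains in a short window is far more likely to be infected than one that touched a single decoy.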
Targets
Target: Popis gostiju u prilogu.exe
Size: 769KB
MD5: 7ebb88878607b2198fa599a8b69fa83b
SHA1: 9008a6a4439a8e64c371e15a1ed3210f6e6a7d40
SHA256: b2d9890dbbc344c79e99127f7aebf3f459349081c2033e5288128bd2cb37a8b4
SHA512: 57563c6c949f92a22d3cacae01c06a7ba198afe4b067e41010151259b9e1a234f1dd5cddd2bc506242e630efe34564b674b6ecbc9a8a777479a3884f7014e857
SSDEEP: 12288:cjtATpxC7cYFqGwib8yzaeCvFJIqtIz2XjkJ/PufCUWUo2:cjt2pHYkUraDvFTIazkJ/Pu/ro
Score: 10/10
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud services to download other malware families.
ModiLoader Second Stage
Xloader payload
Adds Run key to start application (persistence through a Run registry key)
Suspicious use of SetThreadContext (an API commonly used to redirect execution in a suspended thread during process injection)