Analysis
max time kernel: 107s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-06-2023 19:29

Behavioral task: behavioral1
Sample: 81404bf7229ba5c9dd78cbf70e6d896231b652b0a313336b0ec42ae5a396983c.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 81404bf7229ba5c9dd78cbf70e6d896231b652b0a313336b0ec42ae5a396983c.exe
Resource: win10v2004-20230220-en

General
Target: 81404bf7229ba5c9dd78cbf70e6d896231b652b0a313336b0ec42ae5a396983c.exe
Size: 1.7MB
MD5: e58e4ee540bf6891fd790839569f5092
SHA1: 1c02f5ab27d84139bfe32f03e7a717cfd297558b
SHA256: 81404bf7229ba5c9dd78cbf70e6d896231b652b0a313336b0ec42ae5a396983c
SHA512: 2bf0eb803ca9383b6ac39e1ab2c87d3c46782671086f22c8b1fe2fad89c848a157ff5c6bc181d5b120a227f2c5519aa6084a50602de3ae4fb9968f4911ed3c0b
SSDEEP: 49152:O3NEmAKOdh4iJZUoL+Y/RxccdECL66fT6Gu/xB1SrC:O39iDZUWxccCgLuX1Se
Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader First Stage 2 IoCs
Processes:
resource                                                                      yara_rule
behavioral2/memory/1624-133-0x0000000000400000-0x0000000000AF1000-memory.dmp  modiloader_stage1
behavioral2/memory/1624-134-0x0000000000400000-0x0000000000AF1000-memory.dmp  modiloader_stage1