General
-
Target
7bc1eeb113f774f054e5f12d199dc10a.zip
-
Size
382KB
-
Sample
230706-ppt1kaah75
-
MD5
15ac67b2c00c59bc895637d62fdc8172
-
SHA1
b14acfb6c4ae4f55598f54706ca73095a14588bd
-
SHA256
feacddea97c71bcbacb2c144f56e46bed1412c3d6b94631f6955075b523e5b50
-
SHA512
cc04ccc8af2a11e266078842831bef152ea13298808d5d110d86d367e05ed5f3590984700df0788791c39f844a5c820ebe29012a0c7ff8bdae19e0d0b8156966
-
SSDEEP
6144:R7RLNCYtP0J4kAIwyrE9GTagPp3vcIXI5kIIPorzAcp8e41OFjnBxOVjudME5:R7zCwGPXp3ECsk6rzAG8eWOJnBmuR
Static task
static1
Behavioral task
behavioral1
Sample
Vadesi Gecmis Fatura.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
Vadesi Gecmis Fatura.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
xloader
2.6
uj3c
copimetro.com
choonchain.com
luxxwireless.com
fashionweekofcincinnati.com
campingshare.net
suncochina.com
kidsfundoor.com
testingnyc.co
lovesoe.com
vehiclesbeenrecord.com
socialpearmarketing.com
maxproductdji.com
getallarticle.online
forummind.com
arenamarenostrum.com
trisuaka.xyz
designgamagazine.com
chateaulehotel.com
huangse5.com
esginvestment.tech
intercontinentalship.com
moneytaoism.com
agardenfortwo.com
trendiddas.com
fjuoomw.xyz
dantvilla.com
shopwithtrooperdavecom.com
lanwenzong.com
xpertsrealty.com
gamelabsmash.com
nomaxdic.com
chillyracing.com
mypleasure-blog.com
projectkyla.com
florurbana.com
oneplacemexico.com
gografic.com
giantht.com
dotombori-base.com
westlifinance.online
maacsecurity.com
lydas.info
instapandas.com
labustiadepaper.net
unglue52.com
onurnet.net
wellkept.info
6111.site
platinumroofingsusa.com
bodyplex.fitness
empireapothecary.com
meigsbuilds.online
garygrover.com
nicholasnikas.com
yd9992.com
protections-clients.info
sueyhzx.com
naturathome.info
superinformatico.net
printsgarden.com
xn--qn1b03fy2b841b.com
preferable.info
ozzyconstructionma.com
10stopp.online
nutricognition.com
Targets
-
-
Target
Vadesi Gecmis Fatura.exe
-
Size
746KB
-
MD5
032e93902c4e6b2bf7fb6d4c9ea88d51
-
SHA1
2f724dde1900a94622a238481a28d4130be6d7d3
-
SHA256
361d18f86c96f9e72fa6979b09148f9e94ced13a55409265157012cf8427e60d
-
SHA512
768259ed7db861719b32a265f56dd64a80befa1bfbc4c79008fd62644089ad250cbca1ddefc6c34f1f06c39f93695879fd98ee7db88e61e31f5135960ee52c81
-
SSDEEP
12288:3GR+Vd0ckynvLwdJgNsycuL573BhZWPNFWrsEL09pmHtJNNW/8kGPQ:3GAVk4Mwom77WGrs9StJNSGP
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Xloader payload
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-