Analysis

- max time kernel: 140s
- max time network: 197s
- platform: windows10-2004_x64
- resource: win10v2004-20231127-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-12-2023 15:09
Behavioral tasks

- behavioral1
  Sample:   6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3.exe
  Resource: win7-20231023-en
- behavioral2
  Sample:   6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3.exe
  Resource: win10v2004-20231127-en
General

- Target: 6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3.exe
- Size:   3.3MB
- MD5:    341e6118300427eff58d3da5f1b9b4b7
- SHA1:   26e236c308fd8b7f6a6fec3dd2790e039ecbb7e7
- SHA256: 6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3
- SHA512: 4348b7db8be86211ef41f58b4fc5c16c527c4015947e29e409c2174caaa23a2010b81256d31a7e1b5a93f270c725efa58f307f515a7cb858c37c1a657998934a
- SSDEEP: 98304:4IRh2HdK1x9Z2EpfJJKHco8GuBdHoMgY8TUK8onkyUlE:4x81x9Z2d3iRoMCwK8onDUlE
Malware Config

(none extracted)

Signatures

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

- ModiLoader First Stage (4 IoCs)
  Processes:
    resource                                                               yara_rule
    behavioral2/memory/3940-2-0x0000000000400000-0x00000000008FE000-memory.dmp  modiloader_stage1
    behavioral2/memory/3940-3-0x0000000000400000-0x00000000008FE000-memory.dmp  modiloader_stage1
    behavioral2/memory/3940-4-0x0000000000400000-0x00000000008FE000-memory.dmp  modiloader_stage1
    behavioral2/memory/3940-7-0x0000000000400000-0x00000000008FE000-memory.dmp  modiloader_stage1

- Processes:
    resource                                                               yara_rule
    behavioral2/memory/3940-0-0x0000000000400000-0x00000000008FE000-memory.dmp  upx
    behavioral2/memory/3940-1-0x0000000000400000-0x00000000008FE000-memory.dmp  upx
    behavioral2/memory/3940-2-0x0000000000400000-0x00000000008FE000-memory.dmp  upx
    behavioral2/memory/3940-3-0x0000000000400000-0x00000000008FE000-memory.dmp  upx
    behavioral2/memory/3940-4-0x0000000000400000-0x00000000008FE000-memory.dmp  upx
    behavioral2/memory/3940-7-0x0000000000400000-0x00000000008FE000-memory.dmp  upx