Analysis
max time kernel: 142s
max time network: 121s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/01/2024, 10:12
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample INVOICE.XLS..exe, Resource win7-20231215-en, 2 signatures, 150 seconds
Behavioral task
behavioral2: Sample INVOICE.XLS..exe, Resource win10v2004-20231215-en, 2 signatures, 150 seconds
General
Target: INVOICE.XLS..exe
Size: 2.0MB
MD5: 110a3f8081fd420ebb5251f8ec1d454b
SHA1: 3b2d87d5e5a014372b0b75e5ed4d49396a33f72e
SHA256: 7ac13d34e6adb000c65f0c6c3b68fb790f0a1a5a1042be6da4351b96bb94cae8
SHA512: 81322593c772ab927c50d2b5ccc30302d4f08fff235130c1c4c2d0fbcebfe617642d73be93f3c3a9731ac24214d70a719299db79e0b19a377abfefcc95a6bdf8
SSDEEP: 49152:pqAodhXjnxf2hd7c7mvrq0gOPYaF5P0R:pqAo2hd7Ymu0gOpuR
Score: 10/10
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
ModiLoader Second Stage (1 IoCs)
resource: behavioral2/memory/1188-2-0x0000000004190000-0x0000000005190000-memory.dmp
yara_rule: modiloader_stage2