General
- Target: 23042024_2208_yt.hta
- Size: 76KB
- Sample: 240423-rfjvcagh21
- MD5: 16d297e8eee126e4b52198eff43b6c36
- SHA1: 5ff70dd47d868edb3f837511a55030810ec7968b
- SHA256: 9a3b2d8d0e1da113f6c12a4d1517c71b8810006a3031cf129ce2ace2b2be673f
- SHA512: 604ef34a0953d7fa1a435115f603ca45ff5b26f5033d1611d28febe2440b45e8506ef5f8eabf1b6302d4ae61a10964f6086b4e3387c3c5aab06932bace13c6e5
- SSDEEP: 1536:JGgLIQnvgGY9GpGOG2GSGhGKpSozTqQZwnLPcS:TvTY9GpGOG2GSGhGKpvzTTZeLUS
Static task
- static1

Behavioral task
- behavioral1
- Sample: 23042024_2208_yt.hta
- Resource: win7-20240221-en

Behavioral task
- behavioral2
- Sample: 23042024_2208_yt.hta
- Resource: win10v2004-20240412-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.irmaklarpaslanmaz.com.tr
- Port: 587
- Username: muhasebe@irmaklarpaslanmaz.com.tr
- Password: MH5473588PmZ
Targets
- Target: 23042024_2208_yt.hta
- Size: 76KB
- MD5: 16d297e8eee126e4b52198eff43b6c36
- SHA1: 5ff70dd47d868edb3f837511a55030810ec7968b
- SHA256: 9a3b2d8d0e1da113f6c12a4d1517c71b8810006a3031cf129ce2ace2b2be673f
- SHA512: 604ef34a0953d7fa1a435115f603ca45ff5b26f5033d1611d28febe2440b45e8506ef5f8eabf1b6302d4ae61a10964f6086b4e3387c3c5aab06932bace13c6e5
- SSDEEP: 1536:JGgLIQnvgGY9GpGOG2GSGhGKpSozTqQZwnLPcS:TvTY9GpGOG2GSGhGKpvzTTZeLUS
- Detect ZGRat V1
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext