General
-
Target
926871a28c6b2606a37a3127b8f7a36eadea6b72b90a7bed6c2a2840e4e6d864.rtf
-
Size
63KB
-
Sample
240424-b2qxsadg97
-
MD5
b4b0c10dc8fb59ed963fe34b31f6da3e
-
SHA1
21c3add22d2e3c8142cc8bfbf9980354f06a5792
-
SHA256
926871a28c6b2606a37a3127b8f7a36eadea6b72b90a7bed6c2a2840e4e6d864
-
SHA512
623deb764030dc3d59d8f94ef246448c74f60b10d5acdec830ad633f417d97a5edbda7b125114bd370b206fb97df209c3c2f751d44556028c5e9f17c231acb67
-
SSDEEP
1536:j5nyQ8BuHtgHYeiTrk0cM0U2cHwFhTCPEPt6jUeGy5c14blZ0VNujA:j5nyQdHtg4eiT40cJ1FdCPQt6jaUc14U
Malware Config
Targets
-
-
Target
926871a28c6b2606a37a3127b8f7a36eadea6b72b90a7bed6c2a2840e4e6d864.rtf
-
Size
63KB
-
MD5
b4b0c10dc8fb59ed963fe34b31f6da3e
-
SHA1
21c3add22d2e3c8142cc8bfbf9980354f06a5792
-
SHA256
926871a28c6b2606a37a3127b8f7a36eadea6b72b90a7bed6c2a2840e4e6d864
-
SHA512
623deb764030dc3d59d8f94ef246448c74f60b10d5acdec830ad633f417d97a5edbda7b125114bd370b206fb97df209c3c2f751d44556028c5e9f17c231acb67
-
SSDEEP
1536:j5nyQ8BuHtgHYeiTrk0cM0U2cHwFhTCPEPt6jUeGy5c14blZ0VNujA:j5nyQdHtg4eiT40cJ1FdCPQt6jaUc14U
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-