Analysis
- max time kernel: 128s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-05-2024 01:13
Static task: static1
Behavioral task: behavioral1
- Sample: DHL STATEMENT OF ACCOUNT e COPY 0087965677555.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: DHL STATEMENT OF ACCOUNT e COPY 0087965677555.exe
- Resource: win10v2004-20240419-en
General
- Target: DHL STATEMENT OF ACCOUNT e COPY 0087965677555.exe
- Size: 881KB
- MD5: c6371a959e9e74c78719e2bdd259b9c2
- SHA1: 6eb6fbe3541085ac113a160d6fabfd0990303dcb
- SHA256: bb06b854327139dfb8b3ecacff60c3dc13dc485ee74eba0e71afe575299fc252
- SHA512: e63889469acbc68d75eed22c57a112eb1bfbbe0113bccdb65bd827023ba6aa071d417e033304faa7785af4c4508c14d516a0b70c2146234ec4b56686c258918b
- SSDEEP: 12288:dZREX+Lzw1fVVPvIWbYzpcVp5csRbSA6E7xvWVL+doDfO7Q3:dnZw1tBjdp5c2bSO9vWVqQs0
Malware Config
Extracted
- Family: modiloader
- URL: https://cdn.discordapp.com/attachments/753549570230976536/755660991227887657/Qapjayi
Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader First Stage (1 IoC)
  Processes:
  resource: behavioral2/memory/808-3-0x00000000022C0000-0x00000000022FA000-memory.dmp
  yara_rule: modiloader_stage1
- Program crash (1 IoC)
  Processes:
  pid: 3656
  pid_target: 808
  process: WerFault.exe
  target process: DHL STATEMENT OF ACCOUNT e COPY 0087965677555.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\DHL STATEMENT OF ACCOUNT e COPY 0087965677555.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\DHL STATEMENT OF ACCOUNT e COPY 0087965677555.exe"
  PID: 808
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 1652
    Signature: Program crash
    PID: 3656
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 808 -ip 808
  PID: 1464