General
- Target: payment_copy.zip
- Size: 76KB
- Sample: 240514-qdyeaagg84
- MD5: a27b6bac219817e09c72a0f67ea48565
- SHA1: 44c831277696b988ed116f98608dd766d2827bce
- SHA256: 461808a3c8fb7ec9950a8b7d69343244b8363a8b06e553141f7a14d6cdf75ee6
- SHA512: d3935de5da719714953c1ebc062d665b501333262cd6321ed851afa807326be2b2f41512fce1ab33fde8bd5e80e962fa6e8c7c94826212d5d356bca6b8b28227
- SSDEEP: 1536:mEi0meGP4HF7sIuUPVecwXnnc1l0PuJmQnlqmJw+:9irZ6huKInc1lUQnlqZ+
Behavioral task: behavioral1
- Sample: payment copy.pdf
- Resource: win10-20240404-en

Behavioral task: behavioral2
- Sample: payment copy.pdf
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: payment copy.pdf
- Size: 76KB
- MD5: ac3a8f618810c3680ce24a24252b5252
- SHA1: 658126c5d9a6a7424861c2aee07816ae5498c8c1
- SHA256: 77948e428ad7708bb79e23ec0dd199b4d25bed6c58813b1297eed1cd03251960
- SHA512: d56a2b6678c88ee311b4189f1811ba14df22c5e536f89f253eaac570113a405057ec7005fc1fad087b01b056a59791693b5a18ecd2f3f24db181c839cf1b791d
- SSDEEP: 1536:yRNRvcJqzv+kafzNQDo8c2hlneYPJMpCJEM1qatanErV6Q7MyNCbbi1XEk:yRkJq5+J8zneQJMpCOZataExMyY3QXL
- Detect ZGRat V1
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext