General
-
Target
doc023561361500.cmd
-
Size
4.9MB
-
Sample
240515-kqrjlshg2v
-
MD5
d05bed0572c3ce597f3b4be7a2606c08
-
SHA1
f621468b397308f1055afaf2f27814a390eb16ea
-
SHA256
e84dd67c7831168c1d7a0f11a78d1e0497eb1cfa8689b25b291ee4b1b96826a4
-
SHA512
4fbe7a932d91882491648b489ec1e2c349ec71423c071e3f751c130e51ae62881473a9feaf3d842c60ed2fb6922b59f0b611491145e84b07e7145efb0ca7ec79
-
SSDEEP
24576:sYkuWvLHtSs/yfVZIC5z65HTGq42xfcJele9P2dxBJGhRC8Ih:sYkuWTcDXB65HPxfhleljIh
Static task
static1
Behavioral task
behavioral1
Sample
doc023561361500.cmd
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
doc023561361500.cmd
-
Size
4.9MB
-
MD5
d05bed0572c3ce597f3b4be7a2606c08
-
SHA1
f621468b397308f1055afaf2f27814a390eb16ea
-
SHA256
e84dd67c7831168c1d7a0f11a78d1e0497eb1cfa8689b25b291ee4b1b96826a4
-
SHA512
4fbe7a932d91882491648b489ec1e2c349ec71423c071e3f751c130e51ae62881473a9feaf3d842c60ed2fb6922b59f0b611491145e84b07e7145efb0ca7ec79
-
SSDEEP
24576:sYkuWvLHtSs/yfVZIC5z65HTGq42xfcJele9P2dxBJGhRC8Ih:sYkuWTcDXB65HPxfhleljIh
-
Detect ZGRat V1
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-