General
-
Target
20c96d6b0079447b92aa0398f6717f27143f57344c9dbedc883ea8f3defbf39d.exe
-
Size
1.3MB
-
Sample
240524-me2ljsde9s
-
MD5
a727d144b8c72c3e8e2be8dcd2c03d06
-
SHA1
49c198221a162575df965cf3844dc3126ad6c943
-
SHA256
20c96d6b0079447b92aa0398f6717f27143f57344c9dbedc883ea8f3defbf39d
-
SHA512
af5d7769edcbf9e3b94c276dde24603a715ef13473182334945e553742722cbc1ee322f62f603353b74208557e0581809b04cb02347fa0d859896a9b563458ea
-
SSDEEP
24576:AP+g7Wy3xfMZKdcKtTjbJ45EEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKKKKKKKKK7:A/iy3g6Tjb2EEEEEEEEEEEEEEEEEEEE+
Malware Config
Extracted
Protocol: smtp- Host:
mail.hinge1.com - Port:
587 - Username:
[email protected] - Password:
Dani060108!
Targets
-
-
Target
20c96d6b0079447b92aa0398f6717f27143f57344c9dbedc883ea8f3defbf39d.exe
-
Size
1.3MB
-
MD5
a727d144b8c72c3e8e2be8dcd2c03d06
-
SHA1
49c198221a162575df965cf3844dc3126ad6c943
-
SHA256
20c96d6b0079447b92aa0398f6717f27143f57344c9dbedc883ea8f3defbf39d
-
SHA512
af5d7769edcbf9e3b94c276dde24603a715ef13473182334945e553742722cbc1ee322f62f603353b74208557e0581809b04cb02347fa0d859896a9b563458ea
-
SSDEEP
24576:AP+g7Wy3xfMZKdcKtTjbJ45EEEEEEEEEEEEEEEEEEEETKKKKKKKKKKKKKKKKKKK7:A/iy3g6Tjb2EEEEEEEEEEEEEEEEEEEE+
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-