General
- Target: TahsilatMakbuzu.pdf.Tar
- Size: 781KB
- Sample: 240612-tc1pssvbnp
- MD5: b417c14cc1cdb0a69f0a82eafa83a5b0
- SHA1: 2c84af2439bb438616ff245efdd3f990d87f60d7
- SHA256: 4fdc32f43e8b2388eaedbd3cfd2989a8ae86357887b0f76280c4c7903b6cf291
- SHA512: dc1691533e66ced910b53006d1c8641796865e78f7be5ccd3cd0556971ad88c0c2f5259a3163c54e3f0d28f42cb375bd6be32acc7cb9b1c83acb5a28f22a919f
- SSDEEP: 12288:RwmqCRaJC539c4BYR2tlioFcrdPTrSdUalh98yozIvuwL/IWnbzM8AlKbjdGF6x:RLhQR6l4rpKOwW/ImwpvMRgbl

Static task: static1

Behavioral task: behavioral1
- Sample: TahsilatMakbuzu.pdf.cmd
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: TahsilatMakbuzu.pdf.cmd
- Resource: win10v2004-20240611-en

Malware Config

Targets
- Target: TahsilatMakbuzu.pdf.cmd
- Size: 3.1MB
- MD5: 954ce5748eb4c9443e5f371e9011ed49
- SHA1: 46141d9c529a1445dc7f749252eceb1d534e1f7f
- SHA256: 08966de468601537e7b35dca3795e41b124d9d3849caefae0e9e7eae182cc57b
- SHA512: 3a6d243ce8a26fac7a11dc4fda7816c6f46f7041cfd6808dc110738c6f56fdcd0e19b295cd70ecfb4bbc4628a8076c7026113007c1e2db1b86b49819e61ae1fe
- SSDEEP: 49152:dmcZjA7xaJ7ArADAFbceewfaoiq440nE2uNfANfWiHtB:P
Score: 10/10

Signatures
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext