General

Target: e5301b4327f48190ac46285e3f72669948ab296eea2fb812891d42b0133e7dac
Size: 1.4MB
Sample: 240615-bwc4qsyakr
MD5: 2334618c0c2d54630193709aacf7bc3c
SHA1: 770a9b0f865f3a871d64d4a9db02d70ded901afd
SHA256: e5301b4327f48190ac46285e3f72669948ab296eea2fb812891d42b0133e7dac
SHA512: 954d7face3fb01cf149f730e7d2749c90844e373c39179cc0e6bc9206a03ca3f287d1b29988d15af1b4842b838799b631e603433e005bb895907d63a4f14681a
SSDEEP: 24576:Yw3thka9xpnXu4+oiJuHVCv3dO2gO2H+GL7WHuYz0X7pt9mKhvIAwzyJ:x3/kaDxHiUH8VO2gr+Gvy+NmMvIAwS
Static task: static1

Behavioral task: behavioral1
  Sample: PO-565362627627.cmd
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: PO-565362627627.cmd
  Resource: win10v2004-20240508-en
Malware Config

Targets

Target: PO-565362627627.cmd
Size: 4.3MB
MD5: 8aa8b69f3132a524421cf7fe0911bbd9
SHA1: 5ff1ffa9f1309110774dd079a96ea3f66773a081
SHA256: c1ec40707b9212d81d8ec40950e1222c3b5124d07974c56df33706637986f8dd
SHA512: b434ee49f1a8b004c4f521122a551c1f5e433e9c8ca7427e18d4d44cec06298aac5c4572d3802b3184e14db4f998da1d5354935a20e7ffe0721402fbc3a3652d
SSDEEP: 24576:45Mrv/oEbMykRyeB182egMdyhXTKrXscV/bcsHuurHP0OSRB/KdHQO+j7G/0Rxaw:4KrDQy0P82syhXTdO/Q2BP05idd8dkE
Score: 10/10

ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud hosting services to download and run additional malware families.

- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
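The signature names above are the sandbox's verdicts, not the logic behind them. As an added illustration (not the vendor's rules and not derived from this sample's trace), the script below shows how five of them can be approximated over an ordered list of behavioural events: a dropped file later executed or loaded, a write under a Run/RunOnce key, an HTTP request to a public IP-lookup host, and SetThreadContext aimed at another process that the caller has already written into, which is the hand-off step of process hollowing and similar injection. The event schema, the IP-lookup host list and the SAMPLE_TRACE are constructed assumptions; the report names none of them. The hosting-abuse and "Second Stage" signatures are not modelled because the page gives no indicators for them.

```python
"""Toy behavioural-signature matcher over constructed sandbox events.

Added example for this report; not the sandbox vendor's detection code.
Each rule approximates one signature listed in the report.
"""
from dataclasses import dataclass
import re


@dataclass
class Event:
    kind: str   # file_write | process_create | image_load | registry_set | http | api_call
    pid: int    # process that performed the action
    data: dict  # kind-specific fields (assumed schema)


# Persistence via a per-user or per-machine Run / RunOnce key.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Assumed example list of public "what is my IP" services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "checkip.dyndns.org"}


def match_signatures(events):
    """Return the set of signature names triggered by an ordered event trace."""
    hits = set()
    dropped = set()        # paths written during the run (case-folded)
    written_into = set()   # (writer pid, target pid) pairs seen in WriteProcessMemory

    for ev in events:
        if ev.kind == "file_write":
            dropped.add(ev.data["path"].lower())

        elif ev.kind == "process_create":
            image = ev.data["image"].lower()
            if image.endswith(".exe") and image in dropped:
                hits.add("Executes dropped EXE")

        elif ev.kind == "image_load":
            path = ev.data["path"].lower()
            if path.endswith(".dll") and path in dropped:
                hits.add("Loads dropped DLL")

        elif ev.kind == "registry_set" and RUN_KEY_RE.search(ev.data["key"]):
            hits.add("Adds Run key to start application")

        elif ev.kind == "http" and ev.data["host"].lower() in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")

        elif ev.kind == "api_call":
            target = ev.data.get("target_pid")
            if target is None or target == ev.pid:
                continue  # a process adjusting its own threads is routine
            pair = (ev.pid, target)
            if ev.data["api"] == "WriteProcessMemory":
                written_into.add(pair)
            elif ev.data["api"] == "SetThreadContext" and pair in written_into:
                # Redirecting a remote thread after writing into that process is
                # the hand-off step of process hollowing / thread hijacking.
                hits.add("Suspicious use of SetThreadContext")

    return hits


# Constructed trace shaped after the report's signature list; not captured data.
SAMPLE_TRACE = [
    Event("file_write", 1000, {"path": r"C:\Users\Public\Libraries\stage2.exe"}),
    Event("file_write", 1000, {"path": r"C:\Users\Public\Libraries\helper.dll"}),
    Event("process_create", 1000, {"image": r"C:\Users\Public\Libraries\stage2.exe", "child_pid": 2000}),
    Event("image_load", 2000, {"path": r"C:\Users\Public\Libraries\helper.dll"}),
    Event("registry_set", 2000, {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                                 "value": r"C:\Users\Public\Libraries\stage2.exe"}),
    Event("http", 2000, {"host": "api.ipify.org", "path": "/"}),
    Event("process_create", 2000, {"image": r"C:\Windows\System32\host.exe", "child_pid": 3000}),
    Event("api_call", 2000, {"api": "WriteProcessMemory", "target_pid": 3000}),
    Event("api_call", 2000, {"api": "SetThreadContext", "target_pid": 3000}),
    Event("api_call", 2000, {"api": "SetThreadContext", "target_pid": 2000}),  # own process: ignored
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_TRACE)):
        print(name)
```

The SetThreadContext rule deliberately requires a prior cross-process WriteProcessMemory from the same caller; a debugger or a process touching its own threads would otherwise trigger it. Real sandbox rules add more context (suspended child creation, NtUnmapViewOfSection, entry-point rewrites), but the ordering dependency shown here is the part that separates injection from benign use.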