Overview
overview: 10
Static
static: 7
Tasks, as sample: platform (score where shown)
Perl Edito...nt.exe: windows7-x64 (10), windows10-2004-x64 (10)
Perl Edito...or.chm: windows7-x64 (1), windows10-2004-x64 (1)
Perl Edito...or.exe: windows7-x64 (10), windows10-2004-x64 (10)
Perl Edito...llo.pl: ubuntu-18.04-amd64, debian-9-armhf, debian-9-mips, debian-9-mipsel
Perl Edito...ars.pl: ubuntu-18.04-amd64, debian-9-armhf, debian-9-mips, debian-9-mipsel
Perl Edito...llo.pl: ubuntu-18.04-amd64, debian-9-armhf, debian-9-mips, debian-9-mipsel
Perl Edito...orm.pl: ubuntu-18.04-amd64, debian-9-armhf, debian-9-mips, debian-9-mipsel
Perl Edito...ram.pl: ubuntu-18.04-amd64, debian-9-armhf, debian-9-mips, debian-9-mipsel
Perl Edito...ime.pl: ubuntu-18.04-amd64, debian-9-armhf, debian-9-mips, debian-9-mipsel
Perl Edito...er.exe: windows7-x64 (10), windows10-2004-x64 (10)
Analysis
max time kernel: 140s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-06-2024 09:43
Behavioral task | Sample | Resource
behavioral1 | Perl Editor/Breakpnt.exe | win7-20240221-en
behavioral2 | Perl Editor/Breakpnt.exe | win10v2004-20240611-en
behavioral3 | Perl Editor/Pleditor.chm | win7-20240508-en
behavioral4 | Perl Editor/Pleditor.chm | win10v2004-20240611-en
behavioral5 | Perl Editor/Pleditor.exe | win7-20231129-en
behavioral6 | Perl Editor/Pleditor.exe | win10v2004-20240611-en
behavioral7 | Perl Editor/Samples/cp-hello.pl | ubuntu1804-amd64-20240508-en
behavioral8 | Perl Editor/Samples/cp-hello.pl | debian9-armhf-20240611-en
behavioral9 | Perl Editor/Samples/cp-hello.pl | debian9-mipsbe-20240418-en
behavioral10 | Perl Editor/Samples/cp-hello.pl | debian9-mipsel-20240226-en
behavioral11 | Perl Editor/Samples/envvars.pl | ubuntu1804-amd64-20240611-en
behavioral12 | Perl Editor/Samples/envvars.pl | debian9-armhf-20240611-en
behavioral13 | Perl Editor/Samples/envvars.pl | debian9-mipsbe-20240418-en
behavioral14 | Perl Editor/Samples/envvars.pl | debian9-mipsel-20240418-en
behavioral15 | Perl Editor/Samples/hello.pl | ubuntu1804-amd64-20240611-en
behavioral16 | Perl Editor/Samples/hello.pl | debian9-armhf-20240418-en
behavioral17 | Perl Editor/Samples/hello.pl | debian9-mipsbe-20240418-en
behavioral18 | Perl Editor/Samples/hello.pl | debian9-mipsel-20240611-en
behavioral19 | Perl Editor/Samples/oldform.pl | ubuntu1804-amd64-20240611-en
behavioral20 | Perl Editor/Samples/oldform.pl | debian9-armhf-20240418-en
behavioral21 | Perl Editor/Samples/oldform.pl | debian9-mipsbe-20240611-en
behavioral22 | Perl Editor/Samples/oldform.pl | debian9-mipsel-20240418-en
behavioral23 | Perl Editor/Samples/param.pl | ubuntu1804-amd64-20240611-en
behavioral24 | Perl Editor/Samples/param.pl | debian9-armhf-20240611-en
behavioral25 | Perl Editor/Samples/param.pl | debian9-mipsbe-20240611-en
behavioral26 | Perl Editor/Samples/param.pl | debian9-mipsel-20240611-en
behavioral27 | Perl Editor/Samples/time.pl | ubuntu1804-amd64-20240508-en
behavioral28 | Perl Editor/Samples/time.pl | debian9-armhf-20240418-en
behavioral29 | Perl Editor/Samples/time.pl | debian9-mipsbe-20240611-en
behavioral30 | Perl Editor/Samples/time.pl | debian9-mipsel-20240418-en
behavioral31 | Perl Editor/Uploader.exe | win7-20240508-en
behavioral32 | Perl Editor/Uploader.exe | win10v2004-20240508-en
General
Target: Perl Editor/Breakpnt.exe
Size: 414KB
MD5: 1519f2664204424acd3fe48ead1ca26a
SHA1: de41c62355dadc564d80d2931d5e2d02c3cff4f9
SHA256: 1300017580ecf5911accfb865f658f76facfa869a42c0b542e6c04931e02e431
SHA512: e3fed2e946c301caa974f15ac16e75d6873f1fbff2d565dc2769eb122c0f67ae42175719eb7a396a3cad0cfac800506ee347e7dfd98d69de6a8b36b9e202eb67
SSDEEP: 12288:spCOyva7D/JcvzSKvgDhCGkW1meyUGpnYFPipu:s0wzOBvKhaW1HGlYME
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

ModiLoader First Stage (1 IoCs)
resource | yara_rule
behavioral2/memory/916-28-0x0000000000400000-0x0000000000508000-memory.dmp | modiloader_stage1

Modifies registry class (3 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.key | Breakpnt.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ | Breakpnt.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" | Breakpnt.exe