General
Target: CAMSCANNER 2024.tar.gz
Size: 594KB
Sample: 241119-lz2xdavcmj
MD5: 6c58745334f1eeb93086af71d76fc525
SHA1: aa8a75a9d342f3b5c6c03c32e97d50503c2ee98f
SHA256: b3a2925a541e35a2b455959fa19eb44e5c4b771f83300ea8535ce15f9207e148
SHA512: c61b76431363c682bb6a4fa920a4e1a40359e805fd3853c91acf1d1c977024e2c83e81d688f94645deb23a0cc0a72bcd5364a8ae7e7dc2cba661e46a75ce3f98
SSDEEP: 12288:2TW53RhFeS4CZUNW67DCnIEjBO5NLlpFTXCDv6iuudH5hzcLHk:2mRDeS4CZi7DCIIO51lpcvLL5hgLHk
Static task: static1
Behavioral task: behavioral1
  Sample: CAMSCANNER 2024.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: CAMSCANNER 2024.exe
  Resource: win10v2004-20241007-en
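The report lists hashes for both the container (CAMSCANNER 2024.tar.gz, in the General block) and the EXE it carries (CAMSCANNER 2024.exe, in the Targets block below). Before detonating a file you received, it is worth confirming that it really is this sample, and doing so without extracting the archive to disk, since tar members can carry path-traversal names. The following is an added example, not part of the sandbox report: it hashes the archive and each regular file inside it in memory and matches the digests against the MD5/SHA1/SHA256 values on this page (the SHA512 values are computed too and can be added to REPORT_IOCS the same way). The placeholder archive built by build_sample_archive() is constructed for a stand-alone run and is not the real sample, so it does not match.

```python
import hashlib
import io
import tarfile

# Hash values copied from the report above (MD5 / SHA1 / SHA256).
REPORT_IOCS = {
    "CAMSCANNER 2024.tar.gz": {
        "md5": "6c58745334f1eeb93086af71d76fc525",
        "sha1": "aa8a75a9d342f3b5c6c03c32e97d50503c2ee98f",
        "sha256": "b3a2925a541e35a2b455959fa19eb44e5c4b771f83300ea8535ce15f9207e148",
    },
    "CAMSCANNER 2024.exe": {
        "md5": "df6f291f617d9dbae8f32fb11ecd59c1",
        "sha1": "3d26f65c19079bea772572e3367b4185aa4c99ca",
        "sha256": "43223d630e7d3898d254eaf0c02264261ada01c3ed93fc119c6550e66f406a5b",
    },
}
KNOWN_BAD = {h for ioc in REPORT_IOCS.values() for h in ioc.values()}


def digests(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests for one byte string."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def hash_archive_members(archive: bytes, max_member: int = 64 * 1024 * 1024) -> dict:
    """Hash the container and every regular file inside it, entirely in memory.

    Nothing is written to disk, so hostile member names (../, absolute paths)
    cannot land anywhere. Oversized members are skipped with an error entry.
    """
    results = {"<archive>": digests(archive)}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue
            if member.size > max_member:
                results[member.name] = {"error": "member too large"}
                continue
            results[member.name] = digests(tar.extractfile(member).read())
    return results


def match_iocs(results: dict, known: set = KNOWN_BAD) -> dict:
    """Map member name -> list of algorithms whose digest is in the IOC set."""
    hits = {}
    for name, d in results.items():
        matched = [alg for alg, h in d.items() if h in known]
        if matched:
            hits[name] = matched
    return hits


def build_sample_archive() -> bytes:
    """Constructed placeholder .tar.gz for a stand-alone run; NOT the real sample."""
    payload = b"MZ placeholder - not the real CAMSCANNER 2024.exe"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("CAMSCANNER 2024.exe")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    res = hash_archive_members(build_sample_archive())
    for name, d in res.items():
        print(name, d.get("sha256", d.get("error")))
    print("IOC hits:", match_iocs(res) or "none (placeholder data)")
```

To check a real download, replace build_sample_archive() with the bytes of the file you were given; a hit on "<archive>" confirms the container, a hit on a member confirms the dropped EXE even if the archive itself was repackaged.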
Malware Config
Targets
Target: CAMSCANNER 2024.exe
Size: 1.2MB
MD5: df6f291f617d9dbae8f32fb11ecd59c1
SHA1: 3d26f65c19079bea772572e3367b4185aa4c99ca
SHA256: 43223d630e7d3898d254eaf0c02264261ada01c3ed93fc119c6550e66f406a5b
SHA512: 4065e8c1072b89b6d741f8268de54ddb5521acad91fb13491fc1e1ed75467e753764501e201336c67cd7871b0774b835222c53e9f29ddf4ca72dac0d37f5f163
SSDEEP: 24576:KdKnJlmwhG7vohKM4br2Qza6HR2zlPQxL/F99UljJes8lSnQ:KCl7kYOLSes8lSQ
Score: 10/10
ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi-based loader that abuses legitimate cloud services to fetch and run payloads from other malware families.
Family: ModiLoader
Signatures:
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of SetThreadContext