General
-
Target
015b354fa6bdb7bb4f85af652370aea3288d06879b631b34662726139588321b.zip
-
Size
911KB
-
Sample
241126-h9h1ga1key
-
MD5
be595ad68a131a502bc2f32a6a9290cd
-
SHA1
3c7dbb7c9929b26376248c2a45d45bf005aec3d7
-
SHA256
015b354fa6bdb7bb4f85af652370aea3288d06879b631b34662726139588321b
-
SHA512
c177ba4939fb9eb6a08c008fda1897a38745f2a1961969ce95fd6eee6b1801ce8c3630557ea8b6eefa555499a31a8ed937362cd3d4aa99e621f1559946279e08
-
SSDEEP
24576:WkOM+CHdFMiOI87SYGkOM+CHd5298Vrjvshb:WkOW9FMiOz7SYGkOW9HVrz2b
Malware Config
Targets
-
-
Target
MT EOM-S-RFQ-24-0108,PDF.exe
-
Size
1.0MB
-
MD5
905e89a0777ea7028b98fec510e7d673
-
SHA1
112a6e43806ea99bbd7327514c52679cb61bd598
-
SHA256
1c79e40226b16422eeb72a0dbdb8fec3c59d212ee8a59570bc3c6b7c4708b0a3
-
SHA512
3913cb681543cb69cd295ad0e7d137a9245d123ae6fe3588b66bf2324bbd376724cc1579930e946cebc04cda96dbc01c8bbf9e9f5e64ff9e6c887602407617c0
-
SSDEEP
24576:ZVb5KPAdOzVmG3zd+0IDT8Jf3pbV13Jks:ZVhOhd+0I8t5X
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
RFQ Submission Template,PDF.exe
-
Size
1.0MB
-
MD5
78faed42e0a23bb4c9569f54fc152ebb
-
SHA1
64712278f00a4b671963049b4cd6cde58064ba97
-
SHA256
994d068918ad6719ce3467adb3290af8ba04b67ba0ec23d5f2d127646c99a5fd
-
SHA512
37da83aefb366c2e1da2d3dbd3ecea72aa1d56c0ef311ac76e012009396e9d77ce094535401a86d49338302d662a43879cc8f196375c873f9378a33d001e65ae
-
SSDEEP
24576:ZVb5KPAdOzVmG3zd+YIDT8Jf3pbV13Jks:ZVhOhd+YI8t5X
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-