General
-
Target
Order_948575494759.xls
-
Size
1.1MB
-
Sample
241218-p6x4js1lhn
-
MD5
6bcc53dc843155e886f469778b4216f1
-
SHA1
ca277194f41d84c108389a788d7281e7566ed9f0
-
SHA256
379fe2ae5a34b2349fe492b4318c589416c5cc8f1e54eb1502455863da17395e
-
SHA512
cd6da13c89795461e4b804be52500b9db81887d18cadb0dd431cc49850db189f4e6dbb9731810d3ae55c7145ee46ee5fdc9e9606dfc73b08c2d9e5a9169abc28
-
SSDEEP
12288:y8zJmzHJEUiOIBUzMTSSD3DERnLRmF8DhEPpxpsAQx1Zj+jLEPHbrpW8osAz85qW:MBanbARM8At8Z+j6RsSIUAI
Malware Config
Targets
-
-
Target
Order_948575494759.xls
-
Size
1.1MB
-
MD5
6bcc53dc843155e886f469778b4216f1
-
SHA1
ca277194f41d84c108389a788d7281e7566ed9f0
-
SHA256
379fe2ae5a34b2349fe492b4318c589416c5cc8f1e54eb1502455863da17395e
-
SHA512
cd6da13c89795461e4b804be52500b9db81887d18cadb0dd431cc49850db189f4e6dbb9731810d3ae55c7145ee46ee5fdc9e9606dfc73b08c2d9e5a9169abc28
-
SSDEEP
12288:y8zJmzHJEUiOIBUzMTSSD3DERnLRmF8DhEPpxpsAQx1Zj+jLEPHbrpW8osAz85qW:MBanbARM8At8Z+j6RsSIUAI
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ModiLoader Second Stage
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Evasion via Device Credential Deployment
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-