Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 23-12-2024 14:00

Static task: static1

Behavioral task: behavioral1
Sample: Maksājuma dokuments 10B715.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: Maksājuma dokuments 10B715.exe
Resource: win10v2004-20241007-en
General
Target: Maksājuma dokuments 10B715.exe
Size: 1.1MB
MD5: 95fc7545ef486575c2bfec6c7dedc5a5
SHA1: a367210a638b5aecd711ec6e407cec18424d84f1
SHA256: cbf282ed60bfbd76a602b9021c83546e781f8797e4b1430fc0dbf6528544b059
SHA512: 520a831bdad271a76f51214a278dfe86dc1c6065da402af623caca3c8f1b6704a9740158b290db89b7a98ffc1a78a80401248a14ec7b7b0195aa3bbae6926953
SSDEEP: 12288:gJROS/D7RYUfXkIlC+23Oy55Wf/lJrQGX/uV9S7AlPBbrEZlgfkmHvXbCyVsQHwQ:gP3taIH23P5IJgqU3rLCX9Q
Malware Config
Extracted
modiloader
https://cdn.discordapp.com/attachments/753549570230976536/770513688603131934/Jttndes
Signatures
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a Delphi loader that misuses legitimate cloud hosting services to stage and download other malicious families.
Modiloader family

ModiLoader First Stage (1 IoC)
resource: behavioral1/memory/2872-4-0x0000000003B40000-0x0000000003BC5000-memory.dmp
yara_rule: modiloader_stage1
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 1 IoC)
flow: 2
ioc: discord.com
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: Maksājuma dokuments 10B715.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 2872
Process: Maksājuma dokuments 10B715.exe
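The following is an added example, not part of the sandbox report or of the sandbox's own signature engine. It re-derives three of the hits above (the ModiLoader memory-dump IoC, the abused-hosting flow and the NLS\Language registry open) from a handful of sandbox-style event records, so the matching logic behind each IoC line is explicit. The event records are constructed for this example and follow no real export schema; only the pid, process name, key path, host and dump file name are taken from the report. The list of abused hosting domains is an assumption, since the report does not show the list it matched against.

```python
"""Added example: re-derive three of the report's signature hits from
constructed sandbox-style events. Not the sandbox's own code; the record
format below is invented for illustration."""
import re

# Constructed events modelled on the report's IoCs, plus benign decoys.
EVENTS = [
    {"kind": "registry", "op": "Key opened", "pid": 2872,
     "process": "Maksājuma dokuments 10B715.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
    {"kind": "registry", "op": "Key opened", "pid": 2872,  # decoy, not a hit
     "process": "Maksājuma dokuments 10B715.exe",
     "path": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager"},
    {"kind": "flow", "id": 2, "pid": 2872, "host": "discord.com"},
    {"kind": "flow", "id": 3, "pid": 2872, "host": "cdn.discordapp.com"},
    {"kind": "flow", "id": 4, "pid": 2872, "host": "ctldl.windowsupdate.com"},  # decoy
    {"kind": "memdump",
     "name": "2872-4-0x0000000003B40000-0x0000000003BC5000-memory.dmp"},
]

# System Language Discovery: a read of HKLM\SYSTEM\...\Control\NLS\Language.
# Matched on the key path tail so any ControlSet number qualifies.
NLS_LANGUAGE_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)

# Assumption: a short list of legitimate hosting domains abused by ModiLoader;
# the report's own list of such services is not shown.
ABUSED_HOSTING_DOMAINS = ("discord.com", "discordapp.com")

# Sandbox memory dump names as they appear in the report:
#   <pid>-<index>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)"
    r"-memory\.dmp$",
    re.IGNORECASE,
)


def system_language_discovery(events):
    """Return (pid, process, key) for every open of the NLS\\Language key."""
    return [
        (e["pid"], e["process"], e["path"])
        for e in events
        if e["kind"] == "registry" and NLS_LANGUAGE_RE.search(e["path"])
    ]


def _is_abused_host(host):
    """Exact or subdomain match only; 'evil-discord.com' must not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ABUSED_HOSTING_DOMAINS)


def abused_hosting_flows(events):
    """Return (flow id, host) for flows to the assumed hosting domains."""
    return [
        (e["id"], e["host"])
        for e in events
        if e["kind"] == "flow" and _is_abused_host(e["host"])
    ]


def parse_memdump_name(name):
    """Split a dump file name into pid, dump index and region bounds.

    The region size is derived here; the report does not state it."""
    m = MEMDUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name!r}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def summarize(events):
    """Signature name -> IoC count, in the same spirit as the report."""
    dumps = [parse_memdump_name(e["name"]) for e in events if e["kind"] == "memdump"]
    return {
        "ModiLoader First Stage": len(dumps),
        "Legitimate hosting services abused for malware hosting/C2":
            len(abused_hosting_flows(events)),
        "System Location Discovery: System Language Discovery":
            len(system_language_discovery(events)),
    }


if __name__ == "__main__":
    for name, count in summarize(EVENTS).items():
        print(f"{name}: {count} IoC(s)")
    for e in EVENTS:
        if e["kind"] == "memdump":
            d = parse_memdump_name(e["name"])
            print(f"pid {d['pid']} region 0x{d['start']:X}-0x{d['end']:X} "
                  f"({d['size']} bytes)")
```

Matching the registry key on its path tail rather than on the full ControlSet001 string is deliberate: the same key is reached via CurrentControlSet or ControlSet002 on other images, and the report's ioc line shows only the one resolved on win7-20240903-en. The host check uses suffix matching on a dot boundary so a look-alike such as evil-discord.com is not counted as a hosting-service abuse.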