Extracted

• • Target

    REF-REFERENCE-ORDER-QUOTATION-DETAILS.cmd

  • Size

    5.0MB

  • MD5

    61acf73d931438d77e85e31f3b5d8e6a

  • SHA1

    2abe35f912290a8d4ddaa4485266e9d441d7eb13

  • SHA256

    7b8008ab3703f5e1bfaf4d2970c133068fbdba704c311819e282c4456866afdc

  • SHA512

    1efb0f8ec52b3ee0a3902ce89d70de6bcc117493f2a46265f8d1b1b7e50542b0f39b7a15e3f40a562cd98c591ac328c44504dee8f8f05186f750e26a3832f637

  • SSDEEP

    49152:sZZC85MQCbNigm89TxcS/OCjapGp2eq2PDdpGuC3JClhJphPv/84LuSNtGaSy6Qm:C

  Score

  10^/10

  modiloaderdiscoverytrojandarkcloudpersistencespywarestealer

  • DarkCloud

    An information stealer written in Visual Basic.

    stealerdarkcloud

  • Darkcloud family

    darkcloud

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • Modiloader family

    modiloader

  • ModiLoader Second Stage

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2