General
Target: 0f7e5c8468382eb80bd866fbe772653d.exe
Size: 1.7MB
Sample: 250330-wlej2awkz6
MD5: 0f7e5c8468382eb80bd866fbe772653d
SHA1: aee49bfa1bccbdd7b89952b3a6bb70ca60e5881a
SHA256: 3703d60a9d97907ecc862ff941200970d920aad2f6cac7674ae9fe6dfc43c24f
SHA512: 9dec1592626cd54bd5f37562b3fa227c531464ba6d70ba9fc4c2d2d88d1ab5c3c47518cb4eb1995d013b2722a7b486a08ec6f3f512e4db388f80de495c65f234
SSDEEP: 24576:RMu29SclxV3SzHlPsHguSIxR/mx43tE0JVV8ChpflryJnEIVA6mztFvDgIF:R+z3SmAuT3tfJ/80OJLWtFvDpF
Static task: static1
Behavioral task: behavioral1
  Sample: 0f7e5c8468382eb80bd866fbe772653d.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 0f7e5c8468382eb80bd866fbe772653d.exe
  Resource: win10v2004-20250314-en
Malware Config
Targets
Target: 0f7e5c8468382eb80bd866fbe772653d.exe
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)