General

  • Target

    SecuriteInfo.com.Fareit-FZO54A4BE7037EC.20832

  • Size

    706KB

  • Sample

    210102-bp3wegwhfj

  • MD5

    54a4be7037ecdb031563998906a365cd

  • SHA1

    e19e35a43087696fc4e7ac0dfeea4ea19fed8f28

  • SHA256

    248eabc9c97d8c4994c26c88cf1806ea9274eb187e3eb0bae7ae8035c7f3b189

  • SHA512

    515c6edb804b85cdaa610a275cfda7490884a42dc5c1585681d13d644c0e5b2ef363dff586e24e1a44410db85e49ee3e2c9737b865f1f9e84271dc5800dbd60d

Malware Config

Targets

    • Target

      SecuriteInfo.com.Fareit-FZO54A4BE7037EC.20832

    • Size

      706KB

    • MD5

      54a4be7037ecdb031563998906a365cd

    • SHA1

      e19e35a43087696fc4e7ac0dfeea4ea19fed8f28

    • SHA256

      248eabc9c97d8c4994c26c88cf1806ea9274eb187e3eb0bae7ae8035c7f3b189

    • SHA512

      515c6edb804b85cdaa610a275cfda7490884a42dc5c1585681d13d644c0e5b2ef363dff586e24e1a44410db85e49ee3e2c9737b865f1f9e84271dc5800dbd60d

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download and stage other malware families.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                            Count  ID
  Persistence       Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion   Modify Registry                      2      T1112
  Defense Evasion   Install Root Certificate             1      T1130

"Count" is the number of sandbox detections attributed to each technique. The IDs are those of ATT&CK v6, the version this report was generated against; in current ATT&CK, T1060 has become sub-technique T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1130 has become T1553.004 (Subvert Trust Controls: Install Root Certificate), while T1112 is unchanged.
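The report gives two things a responder can act on: the file hashes above, and the "Adds Run key" / T1060 behaviour. The script below is an added triage helper, not code from the report or from the sandbox vendor. It computes all four listed digests for a candidate file and compares them with the report's indicators, and it parses a `reg export` dump of Run/RunOnce keys and flags values that launch from user-writable directories. The `.reg` text it runs on is constructed for the demonstration (the `loader.exe` and `stage2.exe` paths are placeholders, not artifacts from this sample); the only real indicators are the hashes taken from the page.

```python
import hashlib
import re

# File hashes listed in the report above (the only indicators this page provides).
IOC_HASHES = {
    "md5": "54a4be7037ecdb031563998906a365cd",
    "sha1": "e19e35a43087696fc4e7ac0dfeea4ea19fed8f28",
    "sha256": "248eabc9c97d8c4994c26c88cf1806ea9274eb187e3eb0bae7ae8035c7f3b189",
    "sha512": "515c6edb804b85cdaa610a275cfda7490884a42dc5c1585681d13d644c0e5b2ef363dff586e24e1a44410db85e49ee3e2c9737b865f1f9e84271dc5800dbd60d",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so a file is compared on all four at once."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_ioc(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the report's indicator (empty = no match)."""
    digests = hash_bytes(data)
    return [algo for algo, expected in IOC_HASHES.items() if digests[algo] == expected]


# Key header line of a `reg export` dump for a Run or RunOnce key (T1060 persistence location).
RUN_KEY_RE = re.compile(
    r"^\[(HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\.*\\CurrentVersion\\Run(?:Once)?)\]$",
    re.IGNORECASE,
)

# Directories a standard user can write to; a Run value launching from here deserves a look.
# Heuristic only: legitimate software also lives in some of these places.
USER_WRITABLE_MARKERS = (
    "\\users\\public\\",
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\programdata\\",
    "\\temp\\",
)


def unquote_reg_string(value: str) -> str:
    """Undo .reg string escaping: drop the outer quotes, then \\\\ -> \\ and \\" -> "."""
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        value = value[1:-1]
    return value.replace("\\\\", "\\").replace('\\"', '"')


def parse_run_entries(reg_text: str) -> list:
    """Return (key, value_name, command) for every string value under a Run/RunOnce key."""
    entries = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            m = RUN_KEY_RE.match(line)
            current_key = m.group(1) if m else None  # leave Run context on any other key
            continue
        if current_key is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = name.strip().strip('"')
        value = value.strip()
        if not value.startswith('"'):
            continue  # hex:, dword: and similar data cannot be a launch command
        entries.append((current_key, name, unquote_reg_string(value)))
    return entries


def suspicious_run_entries(entries: list) -> list:
    """Keep only Run entries whose command references a user-writable directory."""
    flagged = []
    for key, name, command in entries:
        low = command.lower()
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            flagged.append((key, name, command))
    return flagged


# Constructed .reg export for the demonstration; not captured from the analysed sample.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Update"="C:\\Users\\Public\\Libraries\\loader.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Windows\\Temp\\stage2.exe"
'''


if __name__ == "__main__":
    for key, name, cmd in suspicious_run_entries(parse_run_entries(SAMPLE_REG_EXPORT)):
        print(f"[!] {key}\\{name} -> {cmd}")
    # On a live host, read the executable each flagged command points at and pass its bytes here.
    print("empty input matches report IOCs:", matches_ioc(b""))
```

On a live host, produce the input with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` (and the HKLM and RunOnce equivalents), then feed the bytes of each flagged executable to `matches_ioc` to confirm or rule out this specific sample; the path heuristic alone only narrows the search.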

Tasks