General

  • Target

    e51b30bf9b0c6ac4653a5e0e3d47e53e.exe

  • Size

    1.3MB

  • Sample

    210224-d2b3gmmgkn

  • MD5

    e51b30bf9b0c6ac4653a5e0e3d47e53e

  • SHA1

    284bc580ff365a2c8ae9602e96d8e1a7cbff30b7

  • SHA256

    2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28

  • SHA512

    47617da1880ef2753d621b0639f1a868f88a945db5176fc2422165f181ec7613e175038c4d74067cd1447f44e3b26263e720a8f3bd302c957c2807cd77e43bce

Malware Config

Targets

    • Target

      e51b30bf9b0c6ac4653a5e0e3d47e53e.exe

    • Size

      1.3MB

    • MD5

      e51b30bf9b0c6ac4653a5e0e3d47e53e

    • SHA1

      284bc580ff365a2c8ae9602e96d8e1a7cbff30b7

    • SHA256

      2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28

    • SHA512

      47617da1880ef2753d621b0639f1a868f88a945db5176fc2422165f181ec7613e175038c4d74067cd1447f44e3b26263e720a8f3bd302c957c2807cd77e43bce

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Tasks