General

  • Target

    2beadfcc5cc2f725fbaa08d7421d94a4.exe

  • Size

    1.3MB

  • Sample

    210310-5jnt19sj4e

  • MD5

    2beadfcc5cc2f725fbaa08d7421d94a4

  • SHA1

    86e79742e9a3b43682022331096dc7fce3ba8de6

  • SHA256

    5d0b09993c8b1d6de2ab162c32f2c36fb250b5a8051fbde5d5bcf9e8142ef75d

  • SHA512

    f007d49f1a274afaa87b601732f784eb62d438a367b17c24e959990aac61cf270e7d2b8bfd677a6cf00e603a12455e759e44d4ca9c635a9db8a446af2790a8f7

Targets

    • Target

      2beadfcc5cc2f725fbaa08d7421d94a4.exe

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Bootkit (T1067): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1

    Remote System Discovery (T1018): 1

  • Collection

    Data from Local System (T1005): 1