General

  • Target

    24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518

  • Size

    1015KB

  • Sample

    220512-n2219sdea2

  • MD5

    b94300ec827b9ea137aa3c1625147557

  • SHA1

    a5a704197c5e14154eb2523e1ac391feee87fe45

  • SHA256

    24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518

  • SHA512

    3cb9c974d634eda922d7acaef98eb8f58a4ec07de862e740e6b086428b320c3c02c93c9f0ce8c32e2bdbb87af8f83dbf6373dcc55c1987c53ad2625ec570e2fd

Malware Config

Targets

    • Target

      24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • BitRAT Payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (modified builds often strip the UPX section names and "UPX!" marker, so detection also relies on the empty first section and high-entropy packed body).

    • Adds Run key to start application

      Persistence: a value written under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the payload is launched again at every user logon.

    • Legitimate hosting services abused for malware hosting/C2

      Matches ModiLoader's behaviour of fetching its second stage from public cloud/file-hosting services, so the download blends in with ordinary traffic to trusted domains.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events; this is an anti-debugging technique, not something legitimate application code normally does.

    • Suspicious use of SetThreadContext

      Overwriting a suspended thread's context (typically its instruction pointer) is the standard way a loader redirects execution into injected code, as in process hollowing / RunPE, and fits the BitRAT-payload-inside-ModiLoader chain reported above.
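The following triage script is an added example, not output of the sandbox or code from the BitRAT/ModiLoader families. It re-computes the sample's digests and compares them with those reported above, walks the PE section table by hand to apply the UPX heuristics behind the "UPX packed file" signature (UPX-named sections, an empty first section reserved as unpack space, the "UPX!" marker, high-entropy section bodies), and looks for the NtSetInformationThread / SetThreadContext API names as plain strings. The synthetic PE built by build_synthetic_upx_pe() is constructed for demonstration only: it is parseable but not loadable, and it is not the sample from this report, so verify_hashes() is expected to return all False for it. The 7.0-bit entropy threshold is an assumption, not a value from the page.

```python
import hashlib
import math
import struct
import sys

# Digests reported on this page for the sample (SHA512 omitted for brevity).
REPORTED = {
    "md5": "b94300ec827b9ea137aa3c1625147557",
    "sha1": "a5a704197c5e14154eb2523e1ac391feee87fe45",
    "sha256": "24dbcadb075f4a39cbbb207433033b487976b2d61b6e0d8dc1f0524df5680518",
}

# API names tied to the anti-debug / thread-hijack signatures. On the packed file they
# sit inside the compressed body, so expect hits only on an unpacked copy or memory dump.
SUSPICIOUS_APIS = (b"NtSetInformationThread", b"ZwSetInformationThread", b"SetThreadContext")


def hash_sample(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, reported: dict = REPORTED) -> dict:
    """True per algorithm when the bytes on disk match the reported digest."""
    actual = hash_sample(data)
    return {alg: actual[alg] == digest for alg, digest in reported.items()}


def shannon_entropy(buf: bytes) -> float:
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> 40-byte section table entries."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return sections


def upx_indicators(data: bytes) -> dict:
    secs = pe_sections(data)
    names = [s["name"] for s in secs]
    result = {
        "upx_section_names": any(n.startswith("UPX") for n in names),
        # Stock UPX leaves UPX0 with no raw data: it is reserved as unpack space at runtime.
        "empty_first_section": bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0,
        "upx_marker": b"UPX!" in data,
        "high_entropy_section": any(s["entropy"] > 7.0 for s in secs),  # assumed threshold
        "sections": secs,
    }
    # Names and marker are trivially renamed by modified UPX builds; the layout heuristic survives that.
    result["likely_upx"] = result["upx_section_names"] or (
        result["empty_first_section"] and result["high_entropy_section"])
    return result


def suspicious_api_strings(data: bytes) -> list:
    return [api.decode() for api in SUSPICIOUS_APIS if api in data]


def build_synthetic_upx_pe() -> bytes:
    """Constructed stand-in for a UPX-packed PE: parseable, not loadable, not the real sample."""
    packed = bytes(range(256)) * 16 + b"NtSetInformationThread\0"  # uniform bytes mimic a compressed body
    rsrc = b"\0" * 64
    raw_ptr = 0x200                                                  # first 512-aligned offset past the header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)   # i386, 3 sections, 0xE0-byte optional header
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)             # PE32 magic, remainder zeroed

    def sec(name, vsize, vaddr, raw_size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, vaddr, raw_size, ptr, 0, 0, 0, 0, 0x60000020)

    table = (sec(b"UPX0", 0x10000, 0x1000, 0, 0)
             + sec(b"UPX1", 0x8000, 0x11000, len(packed), raw_ptr)
             + sec(b".rsrc", len(rsrc), 0x19000, len(rsrc), raw_ptr + len(packed)))
    head = dos + b"PE\0\0" + coff + opt + table + b"UPX!"
    return head + b"\0" * (raw_ptr - len(head)) + packed + rsrc


def triage(data: bytes) -> dict:
    return {"hashes": hash_sample(data), "matches_report": verify_hashes(data),
            "upx": upx_indicators(data), "api_strings": suspicious_api_strings(data)}


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_upx_pe()
    for key, value in triage(blob).items():
        print(key, value)
```

Run it with the sample path as the only argument; with no argument it triages the synthetic PE. On the real file, expect matches_report to be all True, likely_upx True, and api_strings empty until the UPX layer is removed (upx -d on stock UPX, or a memory dump for a modified build), which is the point at which the anti-debug and SetThreadContext imports become visible statically.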

MITRE ATT&CK Enterprise v6

Tasks