General

  • Target

    f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9

  • Size

    1.2MB

  • Sample

    220516-p7gg7aeheq

  • MD5

    8514f4c038ed19f0b963c4374c283ce4

  • SHA1

    7feb015a7ff690ec7bd8c425e4185674ecb1a8e2

  • SHA256

    f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9

  • SHA512

    e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/748093730522791950/760005497381715978/Aqjiiiz
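The extracted C2 is not attacker infrastructure but a file attachment on Discord's CDN, which is what the "Legitimate hosting services abused for malware hosting/C2" signature refers to: blocking by IP or domain is not an option, so detection has to key on the URL shape. The following is an added example (not part of the sandbox report) that classifies Discord CDN attachment URLs, runs that check over a few constructed proxy log lines, and decodes the upload time from the attachment's snowflake ID. The log line format (timestamp, source IP, method, URL, status) is assumed for illustration; the URL path layout /attachments/<channel_id>/<attachment_id>/<filename> and the Discord snowflake epoch (2015-01-01T00:00:00Z, timestamp in the bits above bit 22) are the real formats.

```python
"""Flag payload/C2 URLs hosted on an abused legitimate service (Discord CDN).

Added example, not code from the report. The proxy log lines are constructed;
the report's extracted C2 URL is used as the known-bad reference.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Discord CDN attachment URLs: /attachments/<channel_id>/<attachment_id>/<filename>
DISCORD_ATTACHMENT = re.compile(r"^/attachments/(\d+)/(\d+)/([^/?#]+)$")

# Hosts serving user-uploaded content that are routinely abused for hosting
# second-stage payloads; the report flags exactly this behaviour.
ABUSED_HOSTS = {"cdn.discordapp.com", "media.discordapp.net"}

# Discord snowflake epoch, milliseconds since Unix epoch (2015-01-01T00:00:00Z).
DISCORD_EPOCH_MS = 1420070400000

# The C2 extracted from this sample's ModiLoader config.
REPORT_C2 = ("https://cdn.discordapp.com/attachments/"
             "748093730522791950/760005497381715978/Aqjiiiz")


@dataclass
class DiscordIOC:
    channel_id: str
    attachment_id: str
    filename: str


def classify_url(url: str) -> Optional[DiscordIOC]:
    """Return a structured IOC if url is a Discord CDN attachment, else None."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or parts.hostname not in ABUSED_HOSTS:
        return None
    m = DISCORD_ATTACHMENT.match(parts.path)
    if not m:
        return None
    return DiscordIOC(*m.groups())


def snowflake_time(snowflake: int) -> datetime:
    """Upload time encoded in a Discord snowflake ID (upper bits, ms since epoch)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


# Constructed proxy log lines (assumed format: ts src_ip method url status).
SAMPLE_LOG = """\
2020-09-28T10:01:02Z 10.0.0.5 GET https://cdn.discordapp.com/attachments/748093730522791950/760005497381715978/Aqjiiiz 200
2020-09-28T10:01:05Z 10.0.0.5 GET https://www.example.com/index.html 200
2020-09-28T10:02:11Z 10.0.0.9 GET https://cdn.discordapp.com/avatars/1234/abcd.png 200
"""


def scan_proxy_log(text: str) -> List[Tuple[str, str, DiscordIOC]]:
    """Return (src_ip, url, ioc) for every line that fetched a Discord attachment."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than crash the scan
        src_ip, url = fields[1], fields[3]
        ioc = classify_url(url)
        if ioc:
            hits.append((src_ip, url, ioc))
    return hits


def matches_report_c2(url: str) -> bool:
    """True if url points at the same attachment as the report's extracted C2."""
    seen, known = classify_url(url), classify_url(REPORT_C2)
    return seen is not None and known is not None and seen.attachment_id == known.attachment_id


if __name__ == "__main__":
    for src_ip, url, ioc in scan_proxy_log(SAMPLE_LOG):
        uploaded = snowflake_time(int(ioc.attachment_id)).isoformat()
        print(f"{src_ip} fetched attachment {ioc.attachment_id} ({ioc.filename}) "
              f"from channel {ioc.channel_id}, uploaded {uploaded}, "
              f"matches report C2: {matches_report_c2(url)}")
```

Matching on the attachment ID rather than the full URL is deliberate: the same attachment can be fetched under different filenames or query strings, and the channel ID is the more durable pivot for finding other payloads the same operator staged.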

Targets

    • Target

      f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9

    • Size

      1.2MB

    • MD5

      8514f4c038ed19f0b963c4374c283ce4

    • SHA1

      7feb015a7ff690ec7bd8c425e4185674ecb1a8e2

    • SHA256

      f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9

    • SHA512

      e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • BitRAT Payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader First Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
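The "Adds Run key to start application" signature is the one behaviour in this list that leaves a durable, host-observable trace. The following is an added example (not code from the report) of the detection logic a SOC would run over Sysmon Event ID 13 (RegistryEvent: Value Set) records: it flags a value written under a Run or RunOnce key whose image path lives in a user-writable directory, which is where a loader dropped without elevation must sit. The event records are constructed and the field names TargetObject, Details and Image follow Sysmon's schema; the value names and paths are hypothetical.

```python
"""Flag Run-key persistence that points at a user-writable path.

Added example, not from the sandbox report. Events are constructed in the
shape of Sysmon Event ID 13 (Value Set); value names and paths are hypothetical.
"""
import re
from typing import Dict, Iterable, List

# Autostart locations the signature "Adds Run key to start application" covers.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Directories a standard user can write to. An autostart entry pointing here is
# far more suspicious than one under Program Files or System32.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Users\\Public\\|\\Windows\\Temp\\|\\ProgramData\\",
    re.IGNORECASE)


def extract_image_path(details: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    return d.split(" ")[0]


def is_suspicious_run_key(event: Dict[str, str]) -> bool:
    """True if the event sets a Run/RunOnce value whose image is in a user-writable dir."""
    if not RUN_KEY_RE.search(event.get("TargetObject", "")):
        return False
    image = extract_image_path(event.get("Details", ""))
    return USER_WRITABLE_RE.search(image) is not None


def scan_events(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the subset of Value Set events that look like user-level persistence."""
    return [e for e in events if is_suspicious_run_key(e)]


# Constructed Sysmon Event ID 13 records (hypothetical names and paths).
SAMPLE_EVENTS = [
    {   # loader registering a copy of itself from %APPDATA%: should fire
        "EventID": "13",
        "Image": r"C:\Users\victim\AppData\Roaming\UpdateHelper.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Run\UpdateHelper",
        "Details": r'"C:\Users\victim\AppData\Roaming\UpdateHelper.exe" /silent',
    },
    {   # legitimate machine-wide autostart from Program Files: should not fire
        "EventID": "13",
        "Image": r"C:\Windows\System32\msiexec.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
        "Details": r"C:\Program Files\Windows Defender\MSASCuiL.exe",
    },
    {   # value set elsewhere in the hive: not an autostart key, should not fire
        "EventID": "13",
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                        r"\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
]


if __name__ == "__main__":
    for e in scan_events(SAMPLE_EVENTS):
        print(f"{e['Image']} set {e['TargetObject']} -> {extract_image_path(e['Details'])}")
```

The user-writable check is what keeps the rule quiet on a normal host: Run values are written by installers all the time, but almost never with an image under AppData, Public or Temp. Pair it with the process that wrote the value (Image) when tuning, since an installer writing such a path is a different case from an unsigned binary registering itself.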
