General

  • Target

    ASLF1SR00116 40HC 21T05 DALIAN TO GENOVA..exe

  • Size

    715KB

  • Sample

    220808-ekr1asfba8

  • MD5

    80ba0c92bd8bebfc4ead324e550e2797

  • SHA1

    efd0a3f4bfbc2616356c8937bdefb2a8d916950a

  • SHA256

    88502779764c4ceacff4b4a39a389bf13389b734f99e76160c865a2da6d21bee

  • SHA512

    f426051a14767f3c446e6792ac76cd32e28955a2b48c03a7f050c04e8f91eb16695d7b0755ea5a45c9acb137269102277df990bd43432eaf07d8a33db8d6ef0b

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: T1060 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (2)

Tasks