General

  • Target

    2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23

  • Size

    488KB

  • Sample

    221129-jx31jsdh9v

  • MD5

    5db1f0b7430b6508d25e627a60cf4f70

  • SHA1

    527f235665a42bbc465867715ea0e13ebc3b3bae

  • SHA256

    2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23

  • SHA512

    602714806064a519af872985fa44253c6daf6a5fec32dc056494a983fd85e270cfd102157b9058fc52fb53026fea65f8ac6fd922e17064df96aee4b27661467f

  • SSDEEP

    6144:PuUnSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXRo6LjLy84uc:lnx2GjMY3XKfd/H/9Pm6Lv+uc

Malware Config

Targets

    • Target

      2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23

    • Size

      488KB

    • MD5

      5db1f0b7430b6508d25e627a60cf4f70

    • SHA1

      527f235665a42bbc465867715ea0e13ebc3b3bae

    • SHA256

      2e19930da2b987b4e65eacc79f0df605b89d1135ee6d1d6c3cfd857a2989aa23

    • SHA512

      602714806064a519af872985fa44253c6daf6a5fec32dc056494a983fd85e270cfd102157b9058fc52fb53026fea65f8ac6fd922e17064df96aee4b27661467f

    • SSDEEP

      6144:PuUnSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXRo6LjLy84uc:lnx2GjMY3XKfd/H/9Pm6Lv+uc

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-based loader that abuses cloud services to download additional malware families.

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it implants itself into other executable files to spread and cause damage.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials.

    • Adds Run key to start application
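
Two of the behaviours listed above, the changed executable file association and the Run-key autostart, leave traces in the registry that can be checked from an offline export. The Python script below is an added example, not part of this report or of the sandbox that produced it: it parses a .reg export, flags an exefile "open" command that differs from the Windows default "%1" %* (the association Neshta-style infectors hijack), and lists every Run-key entry. The .reg text embedded in it is constructed for the example, and the paths in it are placeholders, not indicators from this sample.

```python
"""Check a Windows .reg export for two persistence behaviours seen in
sandbox reports: a hijacked .exe file association and Run-key autostarts.

Added example, not code from the report. The SAMPLE_REG text is constructed
and its paths are placeholders, not indicators from the analysed file.
"""
import re
from typing import Dict, List, Tuple

# Windows default for exefile\shell\open\command: run the file itself with its arguments.
DEFAULT_EXE_COMMAND = '"%1" %*'

# Registry paths are case-insensitive, so everything is compared in lower case.
EXEFILE_COMMAND_KEYS = {
    r"hkey_local_machine\software\classes\exefile\shell\open\command",
    r"hkey_classes_root\exefile\shell\open\command",
}
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}

# One REG_SZ line: @="..." for the key's default value or "name"="value".
_SZ_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')


def _unescape(value: str) -> str:
    """Undo .reg string escaping: a backslash protects the next character."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REG_SZ values from .reg text into {key: {name: value}}.

    '@' is the key's default value. Comments, blank lines and non-string
    types (dword:, hex:) are skipped because the checks below only need strings.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = _SZ_LINE.match(line)
        if not m:
            continue
        name = '@' if m.group(1) == '@' else _unescape(m.group(2))
        keys[current][name] = _unescape(m.group(3))
    return keys


def find_persistence(reg: Dict[str, Dict[str, str]]) -> Tuple[List[str], List[Tuple[str, str, str]]]:
    """Return (hijacked exefile commands, [(run key, value name, target)])."""
    hijacked: List[str] = []
    autostarts: List[Tuple[str, str, str]] = []
    for key, values in reg.items():
        k = key.lower()
        if k in EXEFILE_COMMAND_KEYS and values.get('@', DEFAULT_EXE_COMMAND) != DEFAULT_EXE_COMMAND:
            hijacked.append(values['@'])
        if k in RUN_KEYS:
            for name, target in values.items():
                autostarts.append((key, name, target))
    return hijacked, autostarts


# Constructed sample export; the loader and updater paths are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; constructed for this example, not data from the analysed run
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\ProgramData\\loader.exe \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"
'''

if __name__ == "__main__":
    hijacked, autostarts = find_persistence(parse_reg(SAMPLE_REG))
    for cmd in hijacked:
        print("exefile association hijacked:", cmd)
    for key, name, target in autostarts:
        print(f"autostart {key}\\{name} -> {target}")
```

Because the exefile command is compared against the exact default string, any wrapper path in front of "%1" is flagged; a clean export with the default value produces no finding, and Run-key entries are reported for review rather than judged, since legitimate software uses the same key.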

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                            Count  ID
  Persistence        Change Default File Association      1      T1042
  Persistence        Registry Run Keys / Startup Folder   2      T1060
  Defense Evasion    Modify Registry                      3      T1112
  Credential Access  Credentials in Files                 1      T1081
  Discovery          Query Registry                       1      T1012
  Discovery          System Information Discovery         2      T1082
  Collection         Data from Local System               1      T1005

Tasks