General
- Target: bb059eacc6763d5cee9de8eb6fac2054488d31a1e58c264ce5c5146775e11c6b
- Size: 1MB
- Sample: 221129-rsh4ksbd5y
- MD5: e0b35ac78daa38069316b665be0ccaf4
- SHA1: 32eed5fcd7957abd63f5df6ecd6b5328d81139f4
- SHA256: bb059eacc6763d5cee9de8eb6fac2054488d31a1e58c264ce5c5146775e11c6b
- SHA512: 356e865b56a7e1a147c4bee0f9753f1084e2cfd5ca957abc34f784587d254288bb4063b77bce3fbfdf9a0959ffc54cbc8b4fee96b11c22049b5a401b12fcd6fe
- SSDEEP: 24576:b1dlZo5xdydAwqnT7yW7a6xLfi+VjkPLGC0PYo+L6L8o8BBd2RVeIUTCvSxZE:b1dlZoryOvyW26xLfi+mqCU+23SPTOvV
Static task
- static1

Behavioral task
- behavioral1
- Sample: bb059eacc6763d5cee9de8eb6fac2054488d31a1e58c264ce5c5146775e11c6b.exe
- Resource: win7-20221111-en

Behavioral task
- behavioral2
- Sample: bb059eacc6763d5cee9de8eb6fac2054488d31a1e58c264ce5c5146775e11c6b.exe
- Resource: win10v2004-20221111-en
Malware Config

Targets
- Target: bb059eacc6763d5cee9de8eb6fac2054488d31a1e58c264ce5c5146775e11c6b
- Size: 1MB
- MD5: e0b35ac78daa38069316b665be0ccaf4
- SHA1: 32eed5fcd7957abd63f5df6ecd6b5328d81139f4
- SHA256: bb059eacc6763d5cee9de8eb6fac2054488d31a1e58c264ce5c5146775e11c6b
- SHA512: 356e865b56a7e1a147c4bee0f9753f1084e2cfd5ca957abc34f784587d254288bb4063b77bce3fbfdf9a0959ffc54cbc8b4fee96b11c22049b5a401b12fcd6fe
- SSDEEP: 24576:b1dlZo5xdydAwqnT7yW7a6xLfi+VjkPLGC0PYo+L6L8o8BBd2RVeIUTCvSxZE:b1dlZoryOvyW26xLfi+mqCU+23SPTOvV
- Score: 10/10
- Family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
- Collection
- Command and Control
- Credential Access
- Defense Evasion
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence
- Privilege Escalation