General

  • Target

    411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e

  • Size

    113KB

  • Sample

    221201-k8fvtsde93

  • MD5

    27eb476837647fc82c8b7da199d45bf0

  • SHA1

    a346e377217b892ef1676f6d15979908568628dd

  • SHA256

    411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e

  • SHA512

    6e9cc27a5861b6479e1e7ec45cdb63557df3a9b53e76f4a8c511425419f6b3f8f77f3a2fe64f6e827f75a817b370bb618cad4240239ca4352cbd1820e833c9a3

  • SSDEEP

    3072:o1+MJKrUnFYY5z1i0Nmbi5fJBN7yEf9Sout:QIrPj0NmWtN7yEf0oS

Malware Config

Targets

    • Target

      411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e

    • Size

      113KB

    • MD5

      27eb476837647fc82c8b7da199d45bf0

    • SHA1

      a346e377217b892ef1676f6d15979908568628dd

    • SHA256

      411c10491ceca5febe92be42ce2fbb3110ad8330d13a9d354c2f3bbbca4b070e

    • SHA512

      6e9cc27a5861b6479e1e7ec45cdb63557df3a9b53e76f4a8c511425419f6b3f8f77f3a2fe64f6e827f75a817b370bb618cad4240239ca4352cbd1820e833c9a3

    • SSDEEP

      3072:o1+MJKrUnFYY5z1i0Nmbi5fJBN7yEf9Sout:QIrPj0NmWtN7yEf0oS

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks