General

  • Target

    95c1e37df6075f3caaaa1d172125a830b6733726670f5f8155f62c26bc472d9e

  • Size

    844KB

  • Sample

    221203-1n5lfsgf35

  • MD5

    ef07264221f95108f16ba392cd80d320

  • SHA1

    938264373a44b03a962b0f6362a31493614ad9e0

  • SHA256

    95c1e37df6075f3caaaa1d172125a830b6733726670f5f8155f62c26bc472d9e

  • SHA512

    4278cc335c63d48bada802a6f1798c62cf3262d56aa740a1effd087dd31ad4a3ff8acbbc1090fd8f27a93a190e6694765a6a22d26256b8195af32af947bde15d

  • SSDEEP

    12288:dBPDXS5Dkk6op32l9j2wx+xejWEZ2QySvuWQtW9b0rRZCwYll9j2wx+xs8V:u5Dkk6wM2wx+xxc2QPCOh2wx+xs8V

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.freewebtown.com
  • Port:
    21
  • Username:
    on7line
  • Password:
    deneme123

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 3
    • Peripheral Device Discovery (T1120): 1