General

  • Target

    d73eb41e4f5c041fa715b811036b1f0b43321848eb52933cf62aba5a84b183ce

  • Size

    1.6MB

  • Sample

    221203-2pr77acc43

  • MD5

    782a27adf82c279dd5f5ad2df218d8d4

  • SHA1

    821cd1b08324ff4e48032644799baf28237693e8

  • SHA256

    d73eb41e4f5c041fa715b811036b1f0b43321848eb52933cf62aba5a84b183ce

  • SHA512

    8e4a381f780664ecb2e083a565177577512dd77c15d57e35bbed2e74153c4ae5c6df7ac72568784f455ceaa1ec6d932ab6c58c41be03b5c78066ec31516942bd

  • SSDEEP

    24576:ijRdwFjVUK0ElMZPh6/08PWf4XlAiYqiMGGFnNEj5qBTMq8yN7Zb:GaFpJlmh6ZPWf4XyiTxN6qBEadb

Malware Config

Targets

    • Target

      d73eb41e4f5c041fa715b811036b1f0b43321848eb52933cf62aba5a84b183ce

    • Detect Neshta payload

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud hosting services to fetch and run second-stage payloads from other malware families.

    • Modifies system executable filetype association

      Rewrites the shell\open\command handler for executable files so that a dropped binary is launched first and receives the program the user actually opened as its argument.

    • Neshta

      Neshta is a file infector: it writes its own code into other executable files so that each infected program spreads it further, corrupting the host programs in the process.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (refuse to run in certain locales).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.
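The script below is an added example, not part of this sandbox report, showing the check a responder would run for the "Modifies system executable filetype association" signature above: it parses a .reg export of the shell\open\command handlers and flags any handler that launches something other than the clicked file itself. Both registry exports inside it are constructed sample input; the %WINDIR%\svchost.com path is the classic Neshta pattern and is not a value reported on this page.

```python
r"""Audit the shell\open\command handlers for .exe/.com/.bat files.

On a clean Windows system the (Default) value of
HKEY_CLASSES_ROOT\exefile\shell\open\command is  "%1" %*  : the clicked file
itself is launched with its arguments.  A file infector such as Neshta
rewrites the value so that a dropped binary (classically %WINDIR%\svchost.com)
runs first and receives the real program as "%1".

The two .reg exports below are CONSTRUCTED sample input (not from the report)
so that the script runs offline.
"""

REG_KEYS = (
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command",
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command",
)

# Constructed export of an untouched system (only two of the three keys).
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed export after a Neshta-style hijack of the .exe handler.
HIJACKED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''


def _unescape(raw):
    r"""Undo the two .reg string escapes: backslash-backslash and backslash-quote."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def parse_reg_export(text):
    """Return {key: default_value} for every key whose (Default) string value
    appears in a .reg export.  Only the @="..." form is needed here."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            values[key] = _unescape(line[3:-1])
    return values


def first_token(cmdline):
    """Program a command line invokes: its first argument with surrounding
    quotes removed (simplified Windows command-line parsing)."""
    s = cmdline.strip()
    if not s:
        return ""
    if s[0] == '"':
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(None, 1)[0]


def audit_export(text):
    """Map each monitored handler key to (verdict, program).
    clean    -> the handler launches the clicked file itself ("%1")
    hijacked -> another program is interposed and gets the file as %1
    missing  -> the key is not present in the export"""
    values = parse_reg_export(text)
    report = {}
    for key in REG_KEYS:
        if key not in values:
            report[key] = ("missing", None)
            continue
        prog = first_token(values[key])
        report[key] = ("clean" if prog == "%1" else "hijacked", prog)
    return report


if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        for key, (verdict, prog) in audit_export(export).items():
            print(f"{label:9} {verdict:9} {str(prog):28} {key}")
```

On a live host, produce the export with `reg export HKCR\exefile exefile.reg` (and likewise for comfile and batfile), or read the (Default) values through the standard-library winreg module and pass them to first_token(). A "missing" verdict for comfile or batfile only means the key was not in the export, not that it is clean.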

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                         Count  ID (v6)
  Persistence        Change Default File Association   1      T1042
  Defense Evasion    Modify Registry                   1      T1112
  Credential Access  Credentials in Files              1      T1081
  Discovery          Query Registry                    1      T1012
  Discovery          System Information Discovery      2      T1082
  Collection         Data from Local System            1      T1005

The report is tagged against ATT&CK v6. In the current ATT&CK release, T1042 corresponds to T1546.001 (Event Triggered Execution: Change Default File Association) and T1081 to T1552.001 (Unsecured Credentials: Credentials In Files); T1112, T1012, T1082 and T1005 keep the same IDs.

Tasks