General

  • Target

    98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381

  • Size

    159KB

  • Sample

    221204-1hhjqsce9w

  • MD5

    cd602e1d9ed9af0f1d5c60b8e6598bfe

  • SHA1

    b2f7534835fb48b5feb390c1ec5b2e9acf8fe578

  • SHA256

    98619775d344c488847a5355433bb4d4206e8fe054b09302ca5e7eaf86cd2381

  • SHA512

    6aa30d18cb7ffdf8f919b722d9e151b93f7b6f4d1d9a7003669b9aaca67c8539110249930d30d6319340959b3d812165992741187b66a24393c7784c077ace89

  • SSDEEP

    3072:dRGEbqzPvmGEbqzHxsbE7IjXDNAiBs1SsVF9ylfPOlOqivfkr:XGkqzWGkqzHxsbEAXZTqVaOUqn

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

    • Collection
    • Command and Control
    • Credential Access
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Privilege Escalation