General

  • Target

    0625413424416272_1.zip

  • Size

    398KB

  • Sample

    230327-qext5sff4s

  • MD5

    9f877247d908c1b925bde681ba3e23bb

  • SHA1

    84fa6b3e11d7766bc5f0d887e2614104e3744fa0

  • SHA256

    07e3054ea7b32bc1b3dc65e7805364fdbfa2a4bb4438c6b531bb8a39a4e929ad

  • SHA512

    f2818df90baf976ee3aab70583aa5ddc8d6fd938adb9bd688c2a7f429bb94b1b4a2ab37e658b32df554cad060804d5f5afc0436e68b20040fcda2b90bd1f660d

  • SSDEEP

    12288:M7j+Gl8CHn8BmPkqrZGwjggaSJFPks1aR:c8yn8Bmsq8WhER

Malware Config

Targets

    • Target

      0625413424416272.exe

    • Size

      821KB

    • MD5

      5fc4c73e287297316316d56ec340bb98

    • SHA1

      306fd44b6d688e9f84d87e533605121bdf64eb9c

    • SHA256

      33ba34d8685f48fc23e074cf802716cce5f1b27a656a0996bdf88232c42a36d7

    • SHA512

      76b21a33991414c057d1d6eafa5f8b2327c7b6e1f2aeae6e60fc15f82c65e9c40252f4aaf9d0d3276a7401a6adfb93b35e4794d9987229aa456dcddfcb85f8d8

    • SSDEEP

      12288:1xkn6YuwDEgW0+K4tvzxn58XdUpGHnSieAi+Ze643VaxBP:nM6yG0+hhzxnidiGHSi3HuS

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks