General

  • Target

    b77daf934032129b309e2cb8b32fb54cffba2691768520d5c6190cb9ba15a059

  • Size

    789KB

  • Sample

    230720-n5cwjsgd53

  • MD5

    8c1e52ac9553fab121ee950749fe1d31

  • SHA1

    88ec187133d7e63abf95bfd47005f16448be2fb7

  • SHA256

    b77daf934032129b309e2cb8b32fb54cffba2691768520d5c6190cb9ba15a059

  • SHA512

    e0f68d4a726e81e8d9bf4ef8d003ef21bbe9272cc78c1344acd71e3c9902868016ecf6f8372e73c24082d45d78bb30a690067989285caea278eb695a74003282

  • SSDEEP

    24576:rk/A25GoqxIJs7ks3XJrPz6cDCnvMhqv9:rKAKGj7ks35rPmaCnvMsv9

Malware Config

Targets

    • DarkCloud

      An information stealer written in Visual Basic.

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Suspicious use of NtCreateProcessOtherParentProcess

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks