General

  • Target: 82d0900e65d97f94dea740118374107d
  • Size: 309KB
  • Sample: 240130-24pevafad3
  • MD5: 82d0900e65d97f94dea740118374107d
  • SHA1: bb4476dd643a4b2f3268e9d827cc9f41b3e274e6
  • SHA256: dd8618c118965b60c1f60be32ebe94cc8990be8da695b04c90779db857f8ccb9
  • SHA512: c4e878f4fb34be998557907ef057790ef8979c679543c7c4412909cd177ef817c1690c23dc93447eb3cff59cea714bff2a79b22224f54669a197588859a5cdab
  • SSDEEP: 6144:fcI0jyQLRjyOsc4LERo0GhquLwWgz6aw5pafvpdZ2PVbA0:fuLdj7sSi1Rbgz67nOHZOP

Score
10/10

Malware Config

Targets

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15