General

  • Target

    83b9692273e6484ae24c195920a35cb3

  • Size

    1.1MB

  • Sample

    240131-hf5mdaffen

  • MD5

    83b9692273e6484ae24c195920a35cb3

  • SHA1

    e7f91984fc43b8e01c4db157fd42f46c9075e8d6

  • SHA256

    dbecd96d99303e6ba242a19e10aed7a6e6398dee586fb05b57fc9b7e1edb98bd

  • SHA512

    4685dd32c7507045dafdf46454f36c0fa42af69a5dc92da98b27da82e39ac88e051da9fc3583c1d00de93cce54c087ffc8d9f6425a0cf644f873b1568ce2ee20

  • SSDEEP

    24576:xi5yucRDfEI42Pf5wijPblFb+H1P2zMHKrUtxyFN2:Y5mRLXn5wij5FbQ+z+iK+2

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks