General
- Target: Swift EUR97k_pdf.bat
- Size: 1.8MB
- Sample: 240131-mts8qaccan
- MD5: 26e2e47018d68491b42b12bea74a04c4
- SHA1: 51bf304b0d4190d09d9d5e750c5f717bd4650e18
- SHA256: 77d38d585e01fc1d0abebd6869cf421314e1695c35c62f086bd32e3a6bc51e93
- SHA512: 7a4d3709a5b47e4fbd63f6244fffb7d9a5caed1a8d7fb93fcf1cb4214311d72c8e92753e1fa57052df4bd7ea3333192e927e15000058b19f46c21e87cd06491b
- SSDEEP: 24576:g7+dhTZPoW+yd+NM//vHQqlTHl4Vb24WX3k7wXTz8QGFUZfM+7Dfavrjnpir0gOM:gcP7HHQU72UHk7c7mvrq0gOP7QJRWuv
Static task: static1
Behavioral task: behavioral1
- Sample: Swift EUR97k_pdf.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: Swift EUR97k_pdf.exe
- Resource: win10v2004-20231222-en
Malware Config
Targets
- Target: Swift EUR97k_pdf.bat
Score: 10/10
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Creates new service(s)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)