General

  • Target

    Swift EUR97k_pdf.bat.exe

  • Size

    1.8MB

  • Sample

    240131-mty4zaade8

  • MD5

    26e2e47018d68491b42b12bea74a04c4

  • SHA1

    51bf304b0d4190d09d9d5e750c5f717bd4650e18

  • SHA256

    77d38d585e01fc1d0abebd6869cf421314e1695c35c62f086bd32e3a6bc51e93

  • SHA512

    7a4d3709a5b47e4fbd63f6244fffb7d9a5caed1a8d7fb93fcf1cb4214311d72c8e92753e1fa57052df4bd7ea3333192e927e15000058b19f46c21e87cd06491b

  • SSDEEP

    24576:g7+dhTZPoW+yd+NM//vHQqlTHl4Vb24WX3k7wXTz8QGFUZfM+7Dfavrjnpir0gOM:gcP7HHQU72UHk7c7mvrq0gOP7QJRWuv
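A small verifier for the hashes above, added here as an example and not part of the sandbox report: it hashes a file once in chunks (the sample is 1.8MB, but the same loop handles far larger drops), compares every digest against the report's values in constant time and case-insensitively, and flags the double-extension lure visible in the target name ("_pdf.bat.exe"). REPORT_HASHES are copied from the report; the decoy-token list and the file path on the usage line are assumptions of this example.

```python
"""Verify a file on disk against the hashes the report lists for this sample
and flag the double-extension lure in its name.  Added example, not part of
the report: REPORT_HASHES are copied from the report; the decoy-token list
and the path given on the command line are assumptions."""

import hashlib
import hmac
import io
import re

REPORT_HASHES = {
    "md5": "26e2e47018d68491b42b12bea74a04c4",
    "sha1": "51bf304b0d4190d09d9d5e750c5f717bd4650e18",
    "sha256": "77d38d585e01fc1d0abebd6869cf421314e1695c35c62f086bd32e3a6bc51e93",
    "sha512": "7a4d3709a5b47e4fbd63f6244fffb7d9a5caed1a8d7fb93fcf1cb4214311d72c8e92753e1fa57052df4bd7ea3333192e927e15000058b19f46c21e87cd06491b",
}

# Final extensions Windows will execute.  A document-like token placed before
# one of these is the classic double-extension lure (here "_pdf.bat.exe").
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".msi"}
DECOY_TOKENS = ({"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
                | {e[1:] for e in EXECUTABLE_EXTS})   # assumed list, extend as needed


def digests_of_stream(stream, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Read the stream once and feed every algorithm from the same chunks."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    for block in iter(lambda: stream.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digests_of_bytes(data):
    """Convenience wrapper for in-memory data (used for testing)."""
    return digests_of_stream(io.BytesIO(data))


def match_iocs(digests, iocs=REPORT_HASHES):
    """Return {algorithm: matched?} for each IOC algorithm the digests cover.

    Comparison is case-insensitive (reports and feeds disagree on hex case)
    and constant-time via hmac.compare_digest."""
    return {a: hmac.compare_digest(digests[a].lower(), v.lower())
            for a, v in iocs.items() if a in digests}


def is_double_extension_lure(filename):
    """True when a decoy token ('pdf', 'doc', or another executable extension)
    precedes the final executable extension, split on '.', '_', '-' or space."""
    base = re.split(r"[\\/]", filename)[-1].lower()      # works for Windows or POSIX paths
    root, dot, ext = base.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXTS:
        return False
    tokens = re.split(r"[._\s-]+", root)
    return any(t in DECOY_TOKENS for t in tokens[1:])


def check_file(path, iocs=REPORT_HASHES):
    """Hash a file and report IOC matches plus the lure-name flag."""
    with open(path, "rb") as fh:
        digests = digests_of_stream(fh)
    return {"digests": digests,
            "matches": match_iocs(digests, iocs),
            "lure_name": is_double_extension_lure(path)}


if __name__ == "__main__":
    import json
    import sys
    # Usage (path is an assumption): python check_sample.py "Swift EUR97k_pdf.bat.exe"
    print(json.dumps(check_file(sys.argv[1]), indent=2))
```

A full match on all four digests confirms you hold the exact file the report analysed; a mismatch on every algorithm means a different build or a repacked variant, and SSDEEP (not in the standard library, hence not computed here) is the right tool to judge how close that variant is.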

Malware Config

Targets

    • Target

      Swift EUR97k_pdf.bat.exe

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud storage services to host and retrieve its next-stage payloads, which belong to other malware families.

    • ModiLoader Second Stage

    • Creates new service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
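The signatures above describe what the sandbox observed; the same behaviours can be recovered from endpoint telemetry. The following detector, added here as an example and not part of the report, replays Sysmon and System-log events in order: files written by the loader (or by any process descended from it) are tracked as dropped, and later process starts, image loads, Run-key writes and service installs are reported under the report's signature names. The events in SAMPLE_EVENTS are constructed for illustration; the drop paths, service name, SID and registry value are hypothetical, not the sample's recorded artefacts.

```python
"""Map endpoint telemetry to the behavioural signatures listed in the report.
Added example, not part of the sandbox report: LOADER's path, the drop paths,
service name, SID and registry value below are hypothetical, constructed to
exercise the logic, and are not the sample's observed artefacts."""

from dataclasses import dataclass

# Registry paths (lower-cased, backslash-separated) that make a value autostart.
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
# Where the lure would sit after the user opens it (assumed path).
LOADER = r"C:\Users\victim\Downloads\Swift EUR97k_pdf.bat.exe"


@dataclass
class Event:
    source: str     # "Sysmon" (Microsoft-Windows-Sysmon/Operational) or "System"
    event_id: int   # Sysmon 1/7/11/13, System 7045 (service installed)
    fields: dict    # the event's relevant data fields as the log exposes them


def _norm(path):
    return path.strip().strip('"').lower()


def detect(events):
    """Replay events in order and return a list of (signature, detail) findings."""
    untrusted = {_norm(LOADER)}   # loader plus every process descended from it
    dropped = set()               # files written by an untrusted process
    findings = []
    for ev in events:
        f = ev.fields
        if ev.source == "Sysmon" and ev.event_id == 11:          # FileCreate
            if _norm(f["Image"]) in untrusted:
                dropped.add(_norm(f["TargetFilename"]))
        elif ev.source == "Sysmon" and ev.event_id == 1:         # ProcessCreate
            image = _norm(f["Image"])
            parent = _norm(f.get("ParentImage", ""))
            if image in dropped:
                findings.append(("Executes dropped EXE", f["Image"]))
            if image in dropped or parent in untrusted:
                untrusted.add(image)   # children (e.g. reg.exe) inherit suspicion
        elif ev.source == "Sysmon" and ev.event_id == 7:         # ImageLoad
            loaded = _norm(f["ImageLoaded"])
            if loaded in dropped and loaded.endswith(".dll"):
                findings.append(("Loads dropped DLL", f["ImageLoaded"]))
        elif ev.source == "Sysmon" and ev.event_id == 13:        # RegistryValueSet
            target = _norm(f["TargetObject"])
            if any(m in target for m in RUN_KEY_MARKERS) and _norm(f["Image"]) in untrusted:
                findings.append(("Adds Run key to start application",
                                 f"{f['TargetObject']} = {f['Details']}"))
        elif ev.source == "System" and ev.event_id == 7045:      # service installed
            # A sandbox reports every new service; on a production host you
            # would additionally gate on ImagePath pointing at a dropped file.
            findings.append(("Creates new service(s)",
                             f"{f['ServiceName']} -> {f['ImagePath']}"))
    return findings


# Constructed telemetry: loader drops a second-stage EXE and a DLL, runs the
# EXE, which loads the DLL, persists via reg.exe and a service; then benign noise.
_S2 = r"C:\Users\Public\Libraries\stage2.exe"   # hypothetical drop path
_DLL = r"C:\Users\Public\Libraries\helper.dll"  # hypothetical drop path
_REG = r"C:\Windows\System32\reg.exe"
_NOTEPAD = r"C:\Windows\System32\notepad.exe"

SAMPLE_EVENTS = [
    Event("Sysmon", 11, {"Image": LOADER, "TargetFilename": _S2}),
    Event("Sysmon", 11, {"Image": LOADER, "TargetFilename": _DLL}),
    Event("Sysmon", 1, {"Image": _S2, "ParentImage": LOADER}),
    Event("Sysmon", 7, {"Image": _S2, "ImageLoaded": _DLL}),
    Event("Sysmon", 1, {"Image": _REG, "ParentImage": _S2}),
    Event("Sysmon", 13, {"Image": _REG,
                         "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Stage2",
                         "Details": _S2}),
    Event("System", 7045, {"ServiceName": "Stage2Svc", "ImagePath": _S2}),
    Event("Sysmon", 1, {"Image": _NOTEPAD, "ParentImage": r"C:\Windows\explorer.exe"}),
    Event("Sysmon", 7, {"Image": _NOTEPAD, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"}),
]


if __name__ == "__main__":
    for signature, detail in detect(SAMPLE_EVENTS):
        print(f"{signature:40} {detail}")
```

"Suspicious use of SetThreadContext" is deliberately absent: it is an API-level observation (the sandbox's hooked call trace) that file, process and registry logs do not expose, so on a real host it needs ETW or EDR thread telemetry rather than Sysmon.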

MITRE ATT&CK Enterprise v15
