General

  • Target

    8474b5576eadb576290aa2453beee4de

  • Size

    132KB

  • Sample

    240131-p16hqscdg8

  • MD5

    8474b5576eadb576290aa2453beee4de

  • SHA1

    b3316ad24e40b78084c0c2dc85f239c57b22da8c

  • SHA256

    38fb76f631db2865330cebcf562c79234acf69192a30248e058e18adf91f3ad2

  • SHA512

    0a47f8ecc64a14ca9a350ac9ac11d1e8c6b50a4c490ecc56567b6c2d39fe8127df59ef9dd3574a2724b5193d082e0a073c651ce02614a4ecdd958db2cad2628f

  • SSDEEP

    3072:85IxAVCvV4iSJcgbRWceQuIg+ndvaQy1p9cbcKZH/G:8ECCvai9gdKIg+ndiF1ro5O

Score
10/10

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks