General

  • Target: 8b7b806798c4217cad83737f95a88d1b
  • Size: 871KB
  • Sample: 240203-fvmc8scccl
  • MD5: 8b7b806798c4217cad83737f95a88d1b
  • SHA1: b8341a3344512fd2e18959198f1b075ead0a0fb2
  • SHA256: b2d7e79653ba470543f57928d3f104ea2faa58ad9ac9c7adc64217164101b474
  • SHA512: 6a32136fad2c22b1a88d7e40602579487272370824ac0f4d3ac1763854006eaaab925dfe78eda8a54f3a4c0f5e9125110f790f974bc3b0fac4748b38e9bbfdb6
  • SSDEEP: 24576:VVCH7E1S6rWb1i0bhNBTnPDrrhuEQmX2K2:XIEY6ScghNBLframmK2

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks