General
-
Target
8c4840f635a07a944f92b2068f1dc132
-
Size
113KB
-
Sample
240203-n9tpvsbacl
-
MD5
8c4840f635a07a944f92b2068f1dc132
-
SHA1
509f4c820bd3e5e34a5e16a0cd03084112dd352a
-
SHA256
1e946fa233a7770ebaf1f851c11a245b4e06f336616d5dd4d48ac7535f9c2ecf
-
SHA512
0d36aaf4231a95585d1a86c7e7abb902b7028af558e97ca8046cd1540dea49a363f2a9001117edce4b8e8ed158a9b3cf200f42c8b1234948ddf34d7c1dd48674
-
SSDEEP
1536:U0GwujewDnzOeQ0PYnTYiL2SiLcQKcKl8jNh/6/YPW5XMSaZl/fSCBzx9L0UJwf:U0XujPnqxjTYMHOccyu4eEUFqYZ
Behavioral task
behavioral1
Sample
8c4840f635a07a944f92b2068f1dc132.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8c4840f635a07a944f92b2068f1dc132.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
8c4840f635a07a944f92b2068f1dc132
-
Size
113KB
-
MD5
8c4840f635a07a944f92b2068f1dc132
-
SHA1
509f4c820bd3e5e34a5e16a0cd03084112dd352a
-
SHA256
1e946fa233a7770ebaf1f851c11a245b4e06f336616d5dd4d48ac7535f9c2ecf
-
SHA512
0d36aaf4231a95585d1a86c7e7abb902b7028af558e97ca8046cd1540dea49a363f2a9001117edce4b8e8ed158a9b3cf200f42c8b1234948ddf34d7c1dd48674
-
SSDEEP
1536:U0GwujewDnzOeQ0PYnTYiL2SiLcQKcKl8jNh/6/YPW5XMSaZl/fSCBzx9L0UJwf:U0XujPnqxjTYMHOccyu4eEUFqYZ
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1