General

  • Target

    8c4840f635a07a944f92b2068f1dc132

  • Size

    113KB

  • Sample

    240203-n9tpvsbacl

  • MD5

    8c4840f635a07a944f92b2068f1dc132

  • SHA1

    509f4c820bd3e5e34a5e16a0cd03084112dd352a

  • SHA256

    1e946fa233a7770ebaf1f851c11a245b4e06f336616d5dd4d48ac7535f9c2ecf

  • SHA512

    0d36aaf4231a95585d1a86c7e7abb902b7028af558e97ca8046cd1540dea49a363f2a9001117edce4b8e8ed158a9b3cf200f42c8b1234948ddf34d7c1dd48674

  • SSDEEP

    1536:U0GwujewDnzOeQ0PYnTYiL2SiLcQKcKl8jNh/6/YPW5XMSaZl/fSCBzx9L0UJwf:U0XujPnqxjTYMHOccyu4eEUFqYZ

Malware Config

Targets

    • Target

      8c4840f635a07a944f92b2068f1dc132

    • Size

      113KB

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud and file-hosting services to download and stage other malware families.

    • UAC bypass

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Reads the country code configured in the registry (the Control Panel\International\Geo\Nation value), which is commonly used to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled
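The ASPack and UPX entries above are packer detections. As an added example (this is not tria.ge's signature code and not part of the original report), the following Python parses a PE section table and reports the structural traces both packers leave behind: their characteristic section names (`.aspack`/`.adata` for ASPack, `UPX0`/`UPX1` for UPX), a section with a virtual size but zero raw size that the stub decompresses into at runtime, and a high-entropy compressed section. The three sample PEs are constructed inside the block (`build_pe` emits only headers and a section table); the sandbox's own signatures match on the unpacker stub's code, which this helper does not attempt.

```python
"""Flag packer hints from a PE section table.

Added triage helper, not tria.ge's signature code. It reports section
names, an unpacked-into section with zero raw size, and high-entropy
sections; it does not match the unpacker stub itself.
"""
import hashlib
import math
import struct

ASPACK_SECTIONS = {b".aspack", b".adata"}
UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniform random, compiled code usually sits near 6."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize,
                         "rawsize": rawsize, "entropy": shannon_entropy(raw)})
    return sections


def packer_hints(pe: bytes):
    """Return the list of packer indicators found, in a fixed order."""
    sections = parse_sections(pe)
    names = {s["name"] for s in sections}
    hints = []
    if names & ASPACK_SECTIONS:
        hints.append("aspack-sections")
    if names & UPX_SECTIONS:
        hints.append("upx-sections")
    # Virtual size but no bytes on disk: the stub unpacks the original image here.
    if any(s["rawsize"] == 0 and s["vsize"] > 0 for s in sections):
        hints.append("empty-raw-section")
    if any(s["entropy"] > 7.0 for s in sections):
        hints.append("high-entropy-section")
    return hints


def build_pe(sections):
    """Constructed minimal PE32 (headers + section table + raw data) for offline testing."""
    align = 0x200
    n = len(sections)
    raw_start = -(-(0x40 + 4 + 20 + 224 + 40 * n) // align) * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 224, 0x102)  # i386, PE32 optional header size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    table, body, ptr, vaddr = bytearray(), bytearray(), raw_start, 0x1000
    for name, vsize, raw in sections:
        padded = -(-len(raw) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(padded, b"\0")
        ptr += padded
        vaddr += -(-max(vsize, 1) // 0x1000) * 0x1000
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return header.ljust(raw_start, b"\0") + bytes(body)


# Constructed fillers: SHA-256 output stands in for compressed data, a
# repeating 64-byte pattern (exactly 6 bits/byte) stands in for plain code.
_COMPRESSED = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(64))
_CODE = bytes(range(64)) * 16

SAMPLE_UPX = build_pe([(b"UPX0", 0x8000, b""), (b"UPX1", 0x3000, _COMPRESSED), (b".rsrc", 0x1000, b"\0" * 0x200)])
SAMPLE_ASPACK = build_pe([(b".text", 0x5000, b""), (b".aspack", 0x2000, _COMPRESSED), (b".adata", 0x1000, b"")])
SAMPLE_PLAIN = build_pe([(b".text", 0x1000, _CODE), (b".data", 0x1000, b"\0" * 0x100)])

if __name__ == "__main__":
    for label, blob in (("upx", SAMPLE_UPX), ("aspack", SAMPLE_ASPACK), ("plain", SAMPLE_PLAIN)):
        print(label, packer_hints(blob))
```

Section names are trivially renamed by anyone who rebuilds the packer, so treat `aspack-sections` and `upx-sections` as convenience hits; the empty-raw-section and entropy indicators survive renaming and are the ones worth keeping in a triage pipeline. To run it against the real sample, read the file into bytes and pass it to `packer_hints`.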
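The location check, the UAC check and the Run-key persistence entries above all surface as registry operations in a sandbox trace. As an added example (not tria.ge's own signature logic and not part of this report), the following Python maps Procmon-style registry events onto those three behaviours. It assumes the column layout of a Procmon CSV export; the sample rows are constructed for the demo rather than taken from this sample's run, and the rule names are the author's own. One caveat worth knowing before reusing this on endpoint telemetry: Sysmon records value writes (Event ID 13), not value reads, so the Geo\Nation and EnableLUA lookups are only visible in a Procmon capture or an API monitor.

```python
"""Map Procmon-style registry events onto behaviour signatures.

Added triage helper, not tria.ge's signature logic. Assumes a Procmon CSV
export (Time of Day, Process Name, PID, Operation, Path, Result, Detail).
"""
import csv
import io
import re

# (signature, registry operations it applies to, pattern on the registry path)
RULES = [
    ("checks_location", {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("checks_uac", {"RegQueryValue"},
     re.compile(r"\\Policies\\System\\(EnableLUA|ConsentPromptBehaviorAdmin)$", re.I)),
    ("adds_run_key", {"RegSetValue"},
     re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
]

# Constructed sample rows for the demo, not from this sample's sandbox run.
# GEOID 244 is the Windows code for the United States.
SAMPLE_PROCMON = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.3","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:01:02.9","sample.exe","4120","RegOpenKey","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Set Value"
"10:01:03.0","sample.exe","4120","RegSetValue","HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 56, Data: C:\Users\Public\Updater.exe"
"10:01:03.2","sample.exe","4120","CreateFile","C:\Users\Public\Updater.exe","SUCCESS","Desired Access: Generic Write"
"10:01:04.0","explorer.exe","1234","RegQueryValue","HKCU\Control Panel\Desktop\Wallpaper","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\Windows\Web\Wallpaper\img0.jpg"
'''


def _data_field(detail: str) -> str:
    """Pull the 'Data:' value out of Procmon's Detail column, if present."""
    m = re.search(r"Data: (.*)$", detail)
    return m.group(1) if m else ""


def classify(procmon_csv: str):
    """Return one hit per row that matches a rule, in capture order.

    Failed lookups (e.g. NAME NOT FOUND) are kept: the attempt is the
    behaviour, so the caller can filter on 'result' if it only wants successes.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        for signature, ops, pattern in RULES:
            if row["Operation"] in ops and pattern.search(row["Path"]):
                hits.append({
                    "signature": signature,
                    "process": row["Process Name"],
                    "pid": row["PID"],
                    "path": row["Path"],
                    "result": row["Result"],
                    "data": _data_field(row["Detail"]),
                })
    return hits


def summarize(hits):
    """Signature names per process name, for a one-line verdict."""
    out = {}
    for h in hits:
        out.setdefault(h["process"], []).append(h["signature"])
    return out


if __name__ == "__main__":
    for h in classify(SAMPLE_PROCMON):
        print(f'{h["process"]}[{h["pid"]}] {h["signature"]}: {h["path"]} -> {h["data"]}')
    print(summarize(classify(SAMPLE_PROCMON)))
```

The `RegOpenKey` on the Run key deliberately does not fire: opening the key is what every installer and shell component does, whereas the `RegSetValue` beneath it is the persistence event. Likewise the explorer.exe read of an unrelated Control Panel value is there to show the patterns are anchored to the specific value names rather than to the key prefix.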

MITRE ATT&CK Enterprise v15

Tasks