General

  • Target

    8c374ca0249224866665220ab34e97d0

  • Size

    1.3MB

  • Sample

    240203-nmbkrsfhg4

  • MD5

    8c374ca0249224866665220ab34e97d0

  • SHA1

    08eccb3285380b745145945016012fb07b2082c5

  • SHA256

    bc4e0ea3ed6a4b55c69807441e5f8ddd4ff1e5c9f0d20a294b97c83cebfe3bdc

  • SHA512

    05a94418e10197d1a4ed982fa005c6ebd6d7923ec7789ddc4cf1b69d5efe883e7dc099c65df4c5602c5a1725c893bd7c6ed2274962be3843a9b3e3b96655ffab

  • SSDEEP

    24576:9Hqhl0GuyGFygPiJa0YQzvZz43J6MssZ7kJu:chOGwFBPiJVZk56MssZ7kJu

Malware Config

Targets

    • Target

      8c374ca0249224866665220ab34e97d0

    • Size

      1.3MB

    • MD5

      8c374ca0249224866665220ab34e97d0

    • SHA1

      08eccb3285380b745145945016012fb07b2082c5

    • SHA256

      bc4e0ea3ed6a4b55c69807441e5f8ddd4ff1e5c9f0d20a294b97c83cebfe3bdc

    • SHA512

      05a94418e10197d1a4ed982fa005c6ebd6d7923ec7789ddc4cf1b69d5efe883e7dc099c65df4c5602c5a1725c893bd7c6ed2274962be3843a9b3e3b96655ffab

    • SSDEEP

      24576:9Hqhl0GuyGFygPiJa0YQzvZz43J6MssZ7kJu:chOGwFBPiJVZk56MssZ7kJu

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks