General
Target: 8c374ca0249224866665220ab34e97d0
Size: 1.3MB
Sample: 240203-nmbkrsfhg4
MD5: 8c374ca0249224866665220ab34e97d0
SHA1: 08eccb3285380b745145945016012fb07b2082c5
SHA256: bc4e0ea3ed6a4b55c69807441e5f8ddd4ff1e5c9f0d20a294b97c83cebfe3bdc
SHA512: 05a94418e10197d1a4ed982fa005c6ebd6d7923ec7789ddc4cf1b69d5efe883e7dc099c65df4c5602c5a1725c893bd7c6ed2274962be3843a9b3e3b96655ffab
SSDEEP: 24576:9Hqhl0GuyGFygPiJa0YQzvZz43J6MssZ7kJu:chOGwFBPiJVZk56MssZ7kJu

Static task: static1
Behavioral task: behavioral1 (sample 8c374ca0249224866665220ab34e97d0.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample 8c374ca0249224866665220ab34e97d0.exe, resource win10v2004-20231215-en)
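The hash block above is the part of a sandbox report most people copy into an IOC list, and the flattened "key on one line, value on the next" layout is easy to mis-parse. The following is an added example (not code from the sandbox or from the report) that parses an excerpt in that layout, validates that each digest has the right length and alphabet before it is used as an indicator, and compares a local file's digests against the report. The excerpt is constructed from the values shown above; the field names and the function names are this example's own.

```python
import hashlib
import re

# Constructed excerpt that mirrors the report's flattened layout (built for this example
# from the values shown on the page; '-' lines are the separators the export emits).
REPORT_TEXT = """General
-
Target
8c374ca0249224866665220ab34e97d0
-
Size
1.3MB
-
MD5
8c374ca0249224866665220ab34e97d0
-
SHA1
08eccb3285380b745145945016012fb07b2082c5
-
SHA256
bc4e0ea3ed6a4b55c69807441e5f8ddd4ff1e5c9f0d20a294b97c83cebfe3bdc
-
SHA512
05a94418e10197d1a4ed982fa005c6ebd6d7923ec7789ddc4cf1b69d5efe883e7dc099c65df4c5602c5a1725c893bd7c6ed2274962be3843a9b3e3b96655ffab
-
SSDEEP
24576:9Hqhl0GuyGFygPiJa0YQzvZz43J6MssZ7kJu:chOGwFBPiJVZk56MssZ7kJu
"""

WANTED = ("Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SSDEEP_RE = re.compile(r"\d+:[A-Za-z0-9/+]+:[A-Za-z0-9/+]+")


def parse_report(text):
    """Turn 'key on one line, value on the next' into a dict, skipping '-' separators
    and any line that is not one of the fields we care about."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    fields, i = {}, 0
    while i + 1 < len(lines):
        if lines[i] in WANTED:
            fields[lines[i]] = lines[i + 1]
            i += 2
        else:
            i += 1
    return fields


def validate_hashes(fields):
    """Return the names of malformed digests. A truncated or mixed-case hash pasted
    into a blocklist never matches anything and fails silently, so check it up front."""
    bad = [name for name, n in HEX_LEN.items()
           if not re.fullmatch(r"[0-9a-f]{%d}" % n, fields.get(name, ""))]
    # Only the syntax of the ssdeep hash is checked; fuzzy comparison needs the ssdeep library.
    if not SSDEEP_RE.fullmatch(fields.get("SSDEEP", "")):
        bad.append("SSDEEP")
    return bad


def compute_digests(data):
    """Digests of a file's bytes, keyed by the same names the report uses."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def match_sample(data, iocs):
    """Names of the report digests that `data` matches. All four are compared rather
    than MD5 alone, since MD5 collisions are cheap to construct."""
    digests = compute_digests(data)
    return sorted(name for name, value in digests.items()
                  if iocs.get(name, "").lower() == value)


if __name__ == "__main__":
    fields = parse_report(REPORT_TEXT)
    print("malformed:", validate_hashes(fields))
    print("matches for a dummy buffer:", match_sample(b"not the sample", fields))
```

In practice `data` is the content of a quarantined file; `match_sample` returning all four names means the file is byte-identical to the sample analysed here, while an empty list says nothing about repacked variants, which is what the ssdeep value is for.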
Malware Config
Targets
Target: 8c374ca0249224866665220ab34e97d0 (1.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Family: ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi loader that abuses cloud file-hosting services to download and run payloads belonging to other malware families.
Signatures
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence so the sample only runs (or refuses to run) in particular countries.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: registry Run-key persistence, so the payload is relaunched at every logon.
- Suspicious use of SetThreadContext: changing the thread context of another process is the usual way a loader redirects a suspended child to injected code (process hollowing / injection).
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1