General

  • Target

    8c3a2f174d760338070fb33a1c8452ee

  • Size

    80KB

  • Sample

    240203-nqkmvaadhj

  • MD5

    8c3a2f174d760338070fb33a1c8452ee

  • SHA1

    6f4f0c853999b3e3b0f3dd9360c0efacdb6febfc

  • SHA256

    1afdad1dd183e3e0b38f8a25400c07ab6d79063cc78ca6f4e909438dc361e847

  • SHA512

    123c420734c4491045b4954ac695af2bbc500aa4a5845ee8c145f857251d42616ac9715c64d79712eca85292504f417ddf3682bb4800e4d89587a1a652c77c5c

  • SSDEEP

    1536:glq0TkuQsEu9GDRccGwbhbYx/iRzulnxp/wwhXR18QbBQ4dW+9JM:qTkuF7oDR7bhExKRWxGCfJ9JM

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks