Resubmissions

04/02/2024, 00:04

240204-acwlasfcan 10

03/02/2024, 23:55

240203-3yhksafahm 10

General

  • Target: 8db1b5fa3d21283c306991a06c1bbf06
  • Size: 277KB
  • Sample: 240204-acwlasfcan
  • MD5: 8db1b5fa3d21283c306991a06c1bbf06
  • SHA1: 03d3bbe5189653e1ae7066ab02a63737ef52bb3d
  • SHA256: f4e313e106cbbde6a98c5d2a73dcfe1a5589bec2dea2bbcc322c16b9f4211f19
  • SHA512: 4788869dcba755f328c3d5b634f0aa17200b3a60fd9d4ec002f6575f9161367f963796cc7bb92db239b3fd7ef7cedc93295ad15823e6bddacd05fdc2b67f25ca
  • SSDEEP: 6144:cWpIfbek5AyaBaFEeWjFLAFc9u5iCHgOfPCComz:rGfbek5A1Bae539uHHgEaK

Malware Config

Targets

    • ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
    • ModiLoader Second Stage
    • Executes dropped EXE
    • Checks whether UAC is enabled
    • Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks