General

  • Target

    8dea4838cc5683eec580ec18ed70f26c

  • Size

    177KB

  • Sample

    240204-b8gmpaegc3

  • MD5

    8dea4838cc5683eec580ec18ed70f26c

  • SHA1

    20f48c11f163172199773ab2c2132f59a62b7149

  • SHA256

    6bb2c0fded265d4351f5e6553cfb0e8deeae95c1614e2b4888d7819d9c7ac70b

  • SHA512

    398c627c118148f5689036c07bf073474db5a8060d9275374a8742aadfdeebdcee436601f494fe54512566729832871b5eec1f1ed2a658caafeb302d62c5ee36

  • SSDEEP

    3072:L7zJqkNYtkq7ix1HnTAYoEH1ZRecpalAFjEItrgPH/M7nd:NqecWzHnTaEHb8cpalijFrgPH/k

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled
