General

  • Target

    8e0a5e0013d1936d6103f8e0226f86f7

  • Size

    110KB

  • Sample

    240204-dev94afff4

  • MD5

    8e0a5e0013d1936d6103f8e0226f86f7

  • SHA1

    ddc9468b5b6680282aa867eb9ae819772a154a53

  • SHA256

    cebffeec5a5ed5c56d778e632a289f769aeca062ddd4ffe0d1fb3263712a7e98

  • SHA512

    cec8b981c66af6e68e2fd2200500c675a153fcfec0c1a1096a6e2ec69b6de1a7dc726edcba314ec6858a452441ad52bab76396d61776e060bade33525603c604

  • SSDEEP

    3072:46B3WuwjMOa4dnTjzFXo8T0cNrlGq30nout:BwAOdnTyQ5GqknoS

Malware Config

Targets

    • Target

      8e0a5e0013d1936d6103f8e0226f86f7

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud and file-hosting services to stage and download the malware families it delivers.

    • UAC bypass

    • ModiLoader Second Stage

    • Checks computer location settings

      Reads the country code configured in the registry (typically the Nation value under HKCU\Control Panel\International\Geo); this is a common geofencing check used to avoid executing in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer, commonly recognised by UPX0/UPX1 section names or the "UPX!" marker in the file.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which controls whether User Account Control is active; the result usually decides whether the UAC bypass is attempted.
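Before acting on any of the signatures above, an analyst should confirm that the file in hand is the exact sample the report describes, and it helps to see what the "UPX packed file" verdict rests on. The script below is an added example, not code from the report or from the sandbox that produced it: it recomputes the four digests listed in the report against a file, and walks the PE section table to apply the usual UPX heuristic (UPX-named sections or the "UPX!" marker). The exact rule the sandbox uses is not stated on the page, so the heuristic is an assumption. The minimal PE image built by build_fake_pe is constructed for offline testing and is not the real sample.

```python
import hashlib
import struct

# Digests copied from the report above. A mismatch means the file on disk is
# not the sample this report describes and its signatures do not apply to it.
REPORT_HASHES = {
    "md5": "8e0a5e0013d1936d6103f8e0226f86f7",
    "sha1": "ddc9468b5b6680282aa867eb9ae819772a154a53",
    "sha256": "cebffeec5a5ed5c56d778e632a289f769aeca062ddd4ffe0d1fb3263712a7e98",
    "sha512": "cec8b981c66af6e68e2fd2200500c675a153fcfec0c1a1096a6e2ec69b6de1a7dc726edcba314ec6858a452441ad52bab76396d61776e060bade33525603c604",
}


def file_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value."""
    return file_hashes(data) == REPORT_HASHES


def pe_section_names(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names, or None if the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    names = []
    for i in range(n_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            break  # truncated section table; report what was parsed
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Assumed heuristic behind a 'UPX packed file' verdict: UPX-named sections
    (UPX0/UPX1, kept by most modified UPX builds) or the 'UPX!' marker."""
    names = pe_section_names(data) or []
    return any(n.upper().startswith("UPX") for n in names) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE image for offline testing (not the real sample):
    64-byte DOS header, PE signature, COFF header, an 8-byte dummy optional
    header and one empty section header per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 8
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXE, 32-bit)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    import sys

    # Usage: python triage_check.py <sample>; without a path, the constructed PE is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("matches report:", matches_report(data))
    print("sections:", pe_section_names(data))
    print("looks UPX packed:", looks_upx_packed(data))
```

Run it against the downloaded sample; only when matches_report is True do the behaviours listed above belong to that file. The section-name check is deliberately simple: a packer that renames its sections defeats it, so treat a False result as "not obviously UPX" rather than "not packed".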

MITRE ATT&CK Enterprise v15

Tasks