General

  • Target

    BBRAUN VIETNAM - RFQ-QT240422703-01 - 3-29-2024-20-00.exe

  • Size

    1.0MB

  • Sample

    240325-jlyxfsdf51

  • MD5

    bef5602089e49d7df0c2544b887d1e04

  • SHA1

    cfa99519b6fa66ce8952c205361cf8e2b53b415a

  • SHA256

    a2c1b716d20b61bc4c57748e1ec195fbac2c5b143cf960d0ffee895160d4b0db

  • SHA512

    2726f63e7298dbb80a069253ba8645fb527a3c4ae5ff4a02a2a7e3319d5b2f81e5c06c6ea7b18a01bdb6e69251df487610bb2db68adab7e6533e15252ffcf342

  • SSDEEP

    24576:+PF6DSSEvVi8ds05OTOfYIOBRaR6URr0GDp6erPEM:+PazuAOfh4RaR6URrNpp

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks