General

  • Target

    df035e43231b16ec82a2248837680323

  • Size

    103KB

  • Sample

    240326-m7l2kabf2s

  • MD5

    df035e43231b16ec82a2248837680323

  • SHA1

    5375c6ef5a1fe203b7ea8d4c429314f80b021572

  • SHA256

    18226a84025186dd8fa81ad1d7b556a4042d9afdcd7b83d86d846c6bc7bc7155

  • SHA512

    f57d994e6dc5a36bc2e077dc84b97bf02b084e22431649139d8efa5b8aeb0d74bf34ac1ac2358b70a1a663cde1b48d364cac86c8c5307d1b50a44320ba85d179

  • SSDEEP

    1536:aeIgoSP70nS/QAEEK6wgyLsaqOTB7YDUP3sKXsyD2DCoh:aPQTyStpKvukTB7eUF8yDGz

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks