General

  • Target

    Yeni sifaris siyahisi.exe

  • Size

    1.1MB

  • Sample

    240326-p3g8xsaf52

  • MD5

    6826a90ade3cb684daeed5476c31faa3

  • SHA1

    d938a3a3cae14ae0954d3e0edd541c1bf50ce622

  • SHA256

    1c60bc833a05be736fd6734552cf56281db65a3cb0c8004b3f94d88cf6c31a84

  • SHA512

    d6994bfc1a462bda203a6f3967e9bb8a1be8dc79db4a6474130f8348cc548ed0615a6f895313d015a02843304088fda369c5594beba21a27fdea8bf362aa34a1

  • SSDEEP

    24576:llAinAzO5SRz+HJ0dkGdiNhp/BRaR6URr0GDp6eX:llAc5StANPpRaR6URrNp

Targets

    • Target

      Yeni sifaris siyahisi.exe

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory
