General

  • Target

    Transferencia 27999901671.bat

  • Size

    3.1MB

  • Sample

    240326-rrqr2acb69

  • MD5

    2e016a2667734c3d435c4a9a36d729c9

  • SHA1

    f3874d336db527df9fb5dbf497d1edd7a5ddc977

  • SHA256

    9c25c340901294d46d8361d4914e0bb3473e38fe4b9d742e737c519279bc4401

  • SHA512

    c8feb5329740f5d71edb7d40b213a17d9095f098187d2ecd0c48504b9bed2b407e3dafb346c544f26129d3ea0f22e4816e7b0116384be0b511974fed57f41661

  • SSDEEP

    24576:2wyJPcV/Hrrz6jT6vaQrAAAy4QE1FpVJQQul6kE82zg38H6HKpLJrvvfzrEZnfQa:9yJPcVHQNQrAAHEPJQT7Z38dEDg3xfO

Malware Config

Targets

    • Target

      Transferencia 27999901671.bat

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud and file-hosting services to fetch its next stage and deliver other malware families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Reads the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), most likely as a geofence check that decides whether execution continues.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence via HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run; the value re-launches the dropped payload at logon.

    • Suspicious use of SetThreadContext

      SetThreadContext on a child process created suspended is the classic process-hollowing (RunPE) pattern. On its own the API is also used by debuggers and some packers, so it is a strong indicator only in combination with the other behaviours listed here.
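
The behaviour list above is what a sandbox derives from raw API and registry events. As an added illustration (not Tria.ge's signature engine and not code from the sample), the following Python maps a constructed trace of such events to the five behaviour names used in this report. The event schema, the API names, the file paths and the PIDs in the sample trace are all assumptions made for the example; the registry locations for the Run key and the Geo\Nation value are the standard Windows ones.

```python
"""Match sandbox-style API events against the behaviour signatures listed above.

Illustrative code only: the Event schema and the traces below are constructed
for this example and do not come from the report or from Tria.ge.
"""
from dataclasses import dataclass, field


@dataclass
class Event:
    """One monitored API call (constructed schema)."""
    pid: int
    api: str
    args: dict = field(default_factory=dict)


CREATE_SUSPENDED = 0x00000004  # real CreateProcess creation flag

# Autostart locations under HKCU or HKLM (compared case-insensitively).
RUN_KEY_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)
# Key holding the configured country code: HKCU\Control Panel\International\Geo\Nation
GEO_KEY_FRAGMENT = "\\control panel\\international\\geo"


def _norm(path: str) -> str:
    """Normalise a Windows path or registry key for comparison."""
    return path.replace("/", "\\").lower()


def match_signatures(events):
    """Return the sorted list of behaviour names triggered by an event trace."""
    hits = set()
    dropped = set()    # files written by any monitored process
    suspended = set()  # child PIDs created with CREATE_SUSPENDED
    for ev in events:
        a = ev.args
        if ev.api == "RegQueryValueExW":
            if GEO_KEY_FRAGMENT in _norm(a.get("key", "")):
                hits.add("Checks computer location settings")
        elif ev.api == "RegSetValueExW":
            if _norm(a.get("key", "")).endswith(RUN_KEY_SUFFIXES):
                hits.add("Adds Run key to start application")
        elif ev.api == "WriteFile":
            dropped.add(_norm(a["path"]))
        elif ev.api == "CreateProcessW":
            image = _norm(a["image"])
            if image in dropped and image.endswith(".exe"):
                hits.add("Executes dropped EXE")
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(a["child_pid"])
        elif ev.api == "LoadLibraryW":
            lib = _norm(a["path"])
            if lib in dropped and lib.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif ev.api == "SetThreadContext":
            # Only flag when the target is another process we saw created suspended
            # (hollowing pattern); a process touching its own threads is not enough.
            target = a.get("target_pid")
            if target in suspended and target != ev.pid:
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


# Constructed trace modelled on the behaviours in this report (paths/PIDs invented).
SAMPLE_TRACE = [
    Event(1000, "WriteFile", {"path": r"C:\Users\Public\Libraries\stage2.exe"}),
    Event(1000, "WriteFile", {"path": r"C:\Users\Public\Libraries\helper.dll"}),
    Event(1000, "RegQueryValueExW",
          {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event(1000, "CreateProcessW",
          {"image": r"C:\Users\Public\Libraries\stage2.exe", "child_pid": 1100, "flags": 0}),
    Event(1100, "LoadLibraryW", {"path": r"C:\Users\Public\Libraries\helper.dll"}),
    Event(1100, "RegSetValueExW",
          {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "stage2"}),
    Event(1100, "CreateProcessW",
          {"image": r"C:\Windows\System32\notepad.exe", "child_pid": 1200,
           "flags": CREATE_SUSPENDED}),
    Event(1100, "SetThreadContext", {"target_pid": 1200}),
]

# Constructed benign trace: no drops, no Run key, SetThreadContext on its own process.
BENIGN_TRACE = [
    Event(2000, "CreateProcessW",
          {"image": r"C:\Windows\System32\cmd.exe", "child_pid": 2100, "flags": 0}),
    Event(2000, "RegSetValueExW",
          {"key": r"HKCU\Software\Example\Settings", "value": "Theme"}),
    Event(2000, "SetThreadContext", {"target_pid": 2000}),
]


if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, match_signatures(trace))
```

The matcher keys "Executes dropped EXE" and "Loads dropped DLL" on files it has already seen written during the run, and treats SetThreadContext as suspicious only when the target process was created with CREATE_SUSPENDED, which is the correlation the caveat under that signature asks for.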

MITRE ATT&CK Enterprise v15

Tasks