General

  • Target

    abcd.zip

  • Size

    982KB

  • Sample

    240326-s1jkradc27

  • MD5

    5641aea80e5beaf0d2b9c4a4fce43f5b

  • SHA1

    8c7e0ffac99cf73c2810b72bcbe0fd1f864501f0

  • SHA256

    ded35f4e679a69d7704bfc9e425417a171e18804ded62044571fd7a0631f6e82

  • SHA512

    7fa9cae5cf5ff70ecde527f90929e8f4f1011e178e7c400ceb8a72adfd0ecff625276e9b39794c4bf4ae8a42682692b7c8d5e4016282050c41e9a87734bf8f39

  • SSDEEP

    24576:G8ifBs66wlrLWMZ7b/KtAEfhk+Sp0rqC7vRsyJjddz:cZxlrLWMlG7fhkeqLyx/

Malware Config

Targets

    • Target

      abcd.bat

    • Size

      3.3MB

    • MD5

      aa569c8d3f8bab9502a97a610d27729d

    • SHA1

      3727b1473dbca06ef346582d891c45b50e0fda67

    • SHA256

      88cf408569b4b2414b59abca6a662b338e7fdb0d702949643b2080bf60224998

    • SHA512

      5507a218283a81be1e963f5c8da196e6adaff1ee6e146a488200469428258ffd07e4e185584a35f65e17ce8208f3de6a5643398d25802b0a7edfc8a6586aea3b

    • SSDEEP

      49152:5KH9bAn8qkdEk/n3yLpKRYhEMfOGlhjFk99/:0

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud file-hosting services to stage and download other malware families as its second stage.

    • ModiLoader Second Stage

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the payload only runs (or refuses to run) in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

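The behaviours listed above are what the sandbox derives from the sample's API trace. The Python below is an added example, not Triage's own signature code, showing how rules of that kind can be evaluated over a trace: it records files the sample writes so that later CreateProcess and LoadLibrary calls on those paths raise the dropped-EXE/DLL signatures, flags reads of the locale key and writes to a Run key, and flags SetThreadContext aimed at a thread in another process (the hollowing pattern). The event format, field names and the exact registry paths (Control Panel\International\Geo for the country code, ...\CurrentVersion\Run for persistence) are assumptions made for illustration, and the trace at the bottom is constructed, not taken from this report.

```python
"""Evaluate sandbox-style behaviour rules over an API trace.

Added example; not Triage's signature engine. Event shape, API names and
registry paths below are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed substrings matched case-insensitively against registry key paths.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
GEO_KEY = r"control panel\international\geo"  # where Windows keeps the user's country (Nation) setting


@dataclass
class Event:
    api: str        # API name as a sandbox hook would log it, e.g. "NtWriteFile"
    pid: int        # process that made the call
    args: dict      # assumed field names: path / key / image / target_pid


def evaluate(events: list[Event]) -> list[str]:
    """Return the signature names raised by the trace, in first-hit order."""
    sigs: list[str] = []
    dropped: set[str] = set()   # paths written by the sample's processes

    def hit(name: str) -> None:
        if name not in sigs:
            sigs.append(name)

    for ev in events:
        if ev.api == "NtWriteFile":
            # Anything the sample writes is a candidate "dropped" file.
            dropped.add(ev.args["path"].lower())
        elif ev.api in ("RegOpenKeyExW", "RegQueryValueExW"):
            if GEO_KEY in ev.args["key"].lower():
                hit("Checks computer location settings")
        elif ev.api == "RegSetValueExW":
            if RUN_KEY in ev.args["key"].lower():
                hit("Adds Run key to start application")
        elif ev.api == "CreateProcessW":
            # Only executables the sample itself wrote count as "dropped".
            if ev.args["image"].lower() in dropped:
                hit("Executes dropped EXE")
        elif ev.api == "LoadLibraryW":
            if ev.args["path"].lower() in dropped:
                hit("Loads dropped DLL")
        elif ev.api == "SetThreadContext":
            # Rewriting a thread context in another process is the classic
            # hollowing/injection step; the same-process case is benign.
            if ev.args["target_pid"] != ev.pid:
                hit("Suspicious use of SetThreadContext")
    return sigs


# Constructed trace mimicking the chain in this report: a batch stage drops an
# EXE and a DLL, checks the locale, persists via Run, runs the EXE, which loads
# the DLL and hollows a third process. Paths and PIDs are made up.
SAMPLE_TRACE = [
    Event("NtWriteFile", 100, {"path": r"C:\Users\Public\Libraries\abcd.exe"}),
    Event("NtWriteFile", 100, {"path": r"C:\Users\Public\Libraries\abcd.dll"}),
    Event("RegQueryValueExW", 100,
          {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    Event("RegSetValueExW", 100,
          {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
           "value": "abcd", "data": r"C:\Users\Public\Libraries\abcd.exe"}),
    Event("CreateProcessW", 100, {"image": r"C:\Windows\System32\cmd.exe"}),  # not dropped: no hit
    Event("CreateProcessW", 100, {"image": r"C:\Users\Public\Libraries\ABCD.EXE"}),
    Event("LoadLibraryW", 200, {"path": r"C:\Users\Public\Libraries\abcd.dll"}),
    Event("SetThreadContext", 200, {"target_pid": 300}),
]

if __name__ == "__main__":
    for name in evaluate(SAMPLE_TRACE):
        print(name)
```

The dropped-file set is what turns a plain "process created" event into "Executes dropped EXE"; without that state a rule can only key on file paths, which a loader controls. Matching on key substrings rather than exact paths also catches the RunOnce and Wow6432Node variants, at the cost of needing a review of any false positives from legitimate installers.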
MITRE ATT&CK Enterprise v15

Tasks