General

  • Target

    27032024_0013_26032024_Transferencia 27999901671.rar

  • Size

    766KB

  • Sample

    240326-tn86bagh8w

  • MD5

    c168aabb133670af8ca7fbde58fe81a4

  • SHA1

    031eacf6539f15dacbfd73cacd4f5af2dd2771a8

  • SHA256

    0a876cb36baec94584301a2f300a3dafe7e4794205ae451036e6629123c6ddc4

  • SHA512

    3f8f0ad391577dbdd99a06b9e1ba98f2692e2bae100e367939ff8ddf3039a73cad467e58b56ecb94ed4d9f7e216e671a9807565fe2e757e98ae117e139489442

  • SSDEEP

    12288:xXCOm16g4yDo5959E+Z5xqEC/bJlCl8+o0bj63CYkhzZcjWUKxUdRPsY:Nm16g4eo5LWi5xglgzvFYmzWK/U/PT

Malware Config

Targets

    • Target

      Transferencia 27999901671.bat

    • Size

      3.1MB

    • MD5

      2e016a2667734c3d435c4a9a36d729c9

    • SHA1

      f3874d336db527df9fb5dbf497d1edd7a5ddc977

    • SHA256

      9c25c340901294d46d8361d4914e0bb3473e38fe4b9d742e737c519279bc4401

    • SHA512

      c8feb5329740f5d71edb7d40b213a17d9095f098187d2ecd0c48504b9bed2b407e3dafb346c544f26129d3ea0f22e4816e7b0116384be0b511974fed57f41661

    • SSDEEP

      24576:2wyJPcV/Hrrz6jT6vaQrAAAy4QE1FpVJQQul6kE82zg38H6HKpLJrvvfzrEZnfQa:9yJPcVHQNQrAAHEPJQT7Z38dEDg3xfO

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi-based loader that abuses cloud services to download other malware families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks