General

  • Target

    286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b

  • Size

    308KB

  • Sample

    240429-yhdvfabb34

  • MD5

    2521d6a6082ff0e32151a65c8e8e3c46

  • SHA1

    ed500d73c755432c74018d4a8b85244b78761209

  • SHA256

    286b052e9066c0321d8bab07071486d96244476e922260460498daa30d86835b

  • SHA512

    64f706d375d6f74f9b95c802bcdd9013f07903ffcd88d7af24a374bb29b779b57fa631341ac7e0dbbf54fdd7986abef28484a65785dca10744d80226b229b7e6

  • SSDEEP

    3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Detects Windows executables referencing non-Windows User-Agents

    • ModiLoader Second Stage

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks