General

  • Target

    1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43

  • Size

    130KB

  • Sample

    240430-xr48badh5w

  • MD5

    430617c027a1399e8b2882de0f26abeb

  • SHA1

    ad82555a7b2cd755007b145eb4e5e8d747eb65ac

  • SHA256

    1093b29c0eea8bf48b196336fb8abfce147a46db1729b75288d222d37bf5dc43

  • SHA512

    74a382f88c88935898005f7880666ce61aca25db18a6a9ae868ad8889cc9b58adde725c137e73f922e220c71fd593c0e223661c4c0b5e1ab9f7ac2432dc31789

  • SSDEEP

    1536:mH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmNJ:6KQJcinxphkG5Q6GdpIOkJHhKRyOXK

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Detects Windows executables referencing non-Windows User-Agents

    • ModiLoader Second Stage

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks