General

  • Target

    d59eb82f6d72b21a2328827d9649adcb744828d51426ccab3be006976176072b

  • Size

    308KB

  • Sample

    240504-d3lesscb2z

  • MD5

    36fc6bf8eea3c87edebc4409c068fe3a

  • SHA1

    2ade6c0b9b019990d88dbeb9020a03f3ea79f0ee

  • SHA256

    d59eb82f6d72b21a2328827d9649adcb744828d51426ccab3be006976176072b

  • SHA512

    ee589e2e0d9dd9da97bba9acc3fa33143118b5747903653fcd4a482a814bd9089a2fc243e18fcdb9075e0591ecd9dd56fd69fc8e159dd0a36ee2734f9b437792

  • SSDEEP

    3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

Malware Config

Targets

    • Target

      d59eb82f6d72b21a2328827d9649adcb744828d51426ccab3be006976176072b

    • Size

      308KB

    • MD5

      36fc6bf8eea3c87edebc4409c068fe3a

    • SHA1

      2ade6c0b9b019990d88dbeb9020a03f3ea79f0ee

    • SHA256

      d59eb82f6d72b21a2328827d9649adcb744828d51426ccab3be006976176072b

    • SHA512

      ee589e2e0d9dd9da97bba9acc3fa33143118b5747903653fcd4a482a814bd9089a2fc243e18fcdb9075e0591ecd9dd56fd69fc8e159dd0a36ee2734f9b437792

    • SSDEEP

      3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi-based loader that abuses cloud services to download additional malware families.

    • Detects Windows executables referencing non-Windows User-Agents

    • ModiLoader Second Stage

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks