General

  • Target

    2ff74a834f9c8676d286b82906ab1220_NEAS

  • Size

    130KB

  • Sample

    240506-3dvdvagb3z

  • MD5

    2ff74a834f9c8676d286b82906ab1220

  • SHA1

    d129238dc1ca22edbcec4e988953e804a85b58cb

  • SHA256

    7ee1daa144b52f42e36565ad54e25848377eef3ad92f985e6725f5646b5e71cd

  • SHA512

    942e60c841020c1d7ef81f0e59c99b21730a9f1cabde4fce869bfb4693a06befe88e235939341ee719fd0d1f8548a93fc849eb43c42967ce3af639bd7451a431

  • SSDEEP

    1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZG:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKE

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks