General

  • Target

    3084ceb40003c7d809456ccf45bd9b70_NEAS

  • Size

    130KB

  • Sample

    240506-3ftv4abc52

  • MD5

    3084ceb40003c7d809456ccf45bd9b70

  • SHA1

    372cb956d27aba4ac27217b19b2182a5d0fe578e

  • SHA256

    e8f44e37d91f1200798cbc0cbad523e4271860be90f184b008002472fb6f491f

  • SHA512

    a7d3cffeaf94c9b542fb47ddc6c4f293a8bcc8aaccb2545b9bf34983ac782518c35b5e1683d5987e33f36d173351b3679c6d41838e88d3a5a9cbacb27ea26fe7

  • SSDEEP

    1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZI:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKi

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks