General

  • Target

    71523d4ed0a8d827f80c6d2e9ec825e0_NEAS

  • Size

    326KB

  • Sample

    240507-f2p3psbb3s

  • MD5

    71523d4ed0a8d827f80c6d2e9ec825e0

  • SHA1

    7b5d36ad61933ea1ecf0314879d54994c5075a41

  • SHA256

    28f1e799b00bed99d9777b6d48e7f20c9d2dd9386869ecea13ab68633600abfa

  • SHA512

    10f9834ecc6ae105ab5f9cc3a30960b7cabc6b68760c3ed3f1134df0329d4b7e4737b1400f56394ad162155055a08c07010a307e72d6a78e8fa3a6bf248b780b

  • SSDEEP

    3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi-based loader that abuses cloud services to download other malware families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks