General

  • Target

    df90303b419a6e98df4cf992845f0380_NEAS

  • Size

    90KB

  • Sample

    240507-t7bddshd93

  • MD5

    df90303b419a6e98df4cf992845f0380

  • SHA1

    b93a69134b7243f89c274e538ea6e50cc625f4cc

  • SHA256

    32ff70c4f0a9d2aab2447b0a5646efb6ef674a21e3c2f349c054d1aa3e8c7c82

  • SHA512

    a7c0b997e31675538c9a8d70fbba8c36fda6b5b9daeb72b5b4d977f3cfbdd7cdb8bb2865e6c6abb5b3657e4acad13e40ab3872b2167c8f3e440e9dbfd90d820b

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks