General
-
Target
BBVA_74008300085000288003.bat
-
Size
3.0MB
-
Sample
240606-sv5wssgh69
-
MD5
17c7045b36fae5916e2900899e40fcdc
-
SHA1
793de1034b8dbce1547b85d7348324e8fb5d0106
-
SHA256
1242e10442597e1c7a5ba0eb08de59c358c4fa20c38a85b5870f892a8dad03df
-
SHA512
f4be2aa7efaad65542147360369292774d242c0cc8ab6489036f601b9e914642a3183d0a2b0130d216e2b40baaebf368395cf755a5680999c2e83cfcdf899e46
-
SSDEEP
49152:MmZIVekHAYmaBfa2cLySXFDvh13zo//zhK6x3UGZJyFxCknVgGlL1+I0bHdFE4K3:x
Malware Config
Targets
-
-
Target
BBVA_74008300085000288003.bat
-
Size
3.0MB
-
MD5
17c7045b36fae5916e2900899e40fcdc
-
SHA1
793de1034b8dbce1547b85d7348324e8fb5d0106
-
SHA256
1242e10442597e1c7a5ba0eb08de59c358c4fa20c38a85b5870f892a8dad03df
-
SHA512
f4be2aa7efaad65542147360369292774d242c0cc8ab6489036f601b9e914642a3183d0a2b0130d216e2b40baaebf368395cf755a5680999c2e83cfcdf899e46
-
SSDEEP
49152:MmZIVekHAYmaBfa2cLySXFDvh13zo//zhK6x3UGZJyFxCknVgGlL1+I0bHdFE4K3:x
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-