General

  • Target

    73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2

  • Size

    112KB

  • Sample

    240620-3kpf6swhnp

  • MD5

    78a5ea6b57d8b722d7c42b0c7ef3d1da

  • SHA1

    9edcb82d629f6e58331e06a504916f24a19bb13f

  • SHA256

    73b259c72cb2531e001a0eaa1c9d87d1a2c0385fb6073eb9f9782273db0903e2

  • SHA512

    fde35984361d1e02a81da4c1a8cc19b8b15e745cbaab245ca576cd7fae8f192b4998a4a078b7482c067fd93fda129032bbb7a0624def57fa05e77198a3f119bc

  • SSDEEP

    1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Detects Windows executables referencing non-Windows User-Agents

    • ModiLoader Second Stage

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks