General

  • Target

    3654b40dca9e4d342fdfa061809995cb944837f6c1bbb5a701546c536b083513

  • Size

    90KB

  • Sample

    240620-zxbt3a1eqj

  • MD5

    dd6ac5791be2569b27a6e8b4f1a3b7ec

  • SHA1

    d333670fe599bfe4cd31cd30b1b59d9563e680df

  • SHA256

    3654b40dca9e4d342fdfa061809995cb944837f6c1bbb5a701546c536b083513

  • SHA512

    16aa0c60b1795172795e506f870494eda40e5c415e0b5a1dcffd217c75a92587ecd2eab22fa125ffc701ce118c73a25999252c8bd7a737f07d0b8654765a0590

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Detects Windows executables referencing non-Windows User-Agents

    • ModiLoader Second Stage

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
