General

  • Target

    CFXSPOOFUNBANFIVEMFREE2024.exe

  • Size

    9.3MB

  • Sample

    240621-lnhdlavdjc

  • MD5

    2a402d7dd6a119af44e3abcdf1ef2220

  • SHA1

    9752845d910d149a40659d5aaf065f6512eeba8e

  • SHA256

    8ddf12da987d0f08331b7be474b0426a3924e3970686e630aa63d32771dc98cf

  • SHA512

    b466ebc415d867f25a860f00ad1535a5a4ecbf9f619012bd02fd4eb2fb8a4348dc6a69e8fe4326905686ba26a4bebcbd58c58782e7654b067467018cf969927a

  • SSDEEP

    196608:rqwpBEso/SZImPC2o1cewhG4cL44T5KIX64JgJ9fL2spMPEZ3k:ks5ZUqlG4j4T5KIqmK9fLPmsa

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
