General

  • Target

    b8a7e1135818fa4dbb26b1f50f96c01b8f7793467543769c18c0dd48fbedaf25N

  • Size

    1.3MB

  • Sample

    240919-1v56katarl

  • MD5

    e6c8fa729ebd280d8694f77f6d08de50

  • SHA1

    7516a7e670c93093e9094f92a4ed884e92064f1f

  • SHA256

    b8a7e1135818fa4dbb26b1f50f96c01b8f7793467543769c18c0dd48fbedaf25

  • SHA512

    cf2e396eecb8176277cf971416d543de89090640ffdb6e2a1a65b542a0562d1590b978636aa5a3ce3819a56d160bd9caea002678791cc1ff2da34d7e0ea9eaf8

  • SSDEEP

    24576:FXSC2KWXvuiq+kgJLjezttWAkynzZdaWF084N4232jO4c:0C2DXWiq+kVzzpK/N3g

Malware Config

Targets

    • Target

      b8a7e1135818fa4dbb26b1f50f96c01b8f7793467543769c18c0dd48fbedaf25N

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses legitimate cloud services to download and run other malware families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence so the payload only runs (or only refrains from running) in selected countries.

    • Executes dropped EXE

    • Drops desktop.ini file(s)
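
The "Checks computer location settings" signature above says only that the registry country code was read. The following added example (not code from the report or from the sandbox) shows how to spot that lookup in a Procmon trace. Procmon's CSV export columns are real; the trace content, the process name `sample.exe`, the allowlist, and the list of registry values a geofence check is assumed to read (`Geo\Nation`, `sCountry`, `Nls\Language`) are constructed assumptions, since the report does not name the exact key.

```python
"""Flag processes that query Windows locale/geo registry values in a Procmon CSV trace.

Added example; not code from the report or the sandbox. The CSV below is constructed,
and which value the loader actually reads is not stated in the report, so GEO_PATHS is
an assumption covering the values a country check plausibly uses.
"""
import csv
import io
import re

# Registry values a geofence check plausibly reads (assumed, not taken from the report).
GEO_PATHS = re.compile(
    r"\\Control Panel\\International\\Geo\\(Nation|Name)$"
    r"|\\Control Panel\\International\\(sCountry|LocaleName)$"
    r"|\\Control\\Nls\\Language\\(Default|InstallLanguage)$",
    re.IGNORECASE,
)

# Shell/system processes that read these values constantly (assumed allowlist; tune per host).
BENIGN = {"explorer.exe", "svchost.exe", "sihost.exe"}

# Constructed Procmon CSV export; not a real trace of this sample.
SAMPLE_TRACE = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","explorer.exe","1234","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:05.7","sample.exe","4120","RegOpenKey","HKCU\\Control Panel\\International\\Geo","SUCCESS","Desired Access: Read"
"10:01:05.7","sample.exe","4120","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:05.8","sample.exe","4120","RegQueryValue","HKCU\\Control Panel\\International\\sCountry","SUCCESS","Type: REG_SZ, Length: 28, Data: United States"
"10:01:06.0","sample.exe","4120","RegQueryValue","HKCU\\Software\\Classes\\Local Settings\\MuiCache","NAME NOT FOUND",""
"10:01:09.3","sihost.exe","900","RegQueryValue","HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\\Default","SUCCESS","Type: REG_SZ, Length: 10, Data: 0409"
"""


def parse_procmon_csv(text):
    """Return the trace rows as dicts keyed by Procmon's column names."""
    return list(csv.DictReader(io.StringIO(text)))


def geofence_lookups(rows):
    """Return (process, pid, path, data) for each non-allowlisted RegQueryValue
    of a locale/geo value. 'data' is the value the process saw, when Procmon recorded it."""
    hits = []
    for r in rows:
        if r["Operation"] != "RegQueryValue":
            continue  # key opens/enumerations alone do not reveal the country
        if r["Process Name"].lower() in BENIGN:
            continue
        if not GEO_PATHS.search(r["Path"]):
            continue
        detail = r["Detail"]
        data = detail.split("Data: ", 1)[1] if "Data: " in detail else None
        hits.append((r["Process Name"], int(r["PID"]), r["Path"], data))
    return hits


def summarize(rows):
    """Group hits per process: a single process reading both the numeric GeoID (Nation)
    and the country name (sCountry) in quick succession is the geofence pattern."""
    by_proc = {}
    for name, pid, path, data in geofence_lookups(rows):
        value_name = path.rsplit("\\", 1)[1]
        by_proc.setdefault((name, pid), []).append((value_name, data))
    return by_proc


if __name__ == "__main__":
    for (name, pid), values in summarize(parse_procmon_csv(SAMPLE_TRACE)).items():
        print(f"{name} (PID {pid}) read country settings: {values}")
```

One caveat when turning this into a production detection: Sysmon records registry key creation and value writes (event IDs 12 and 13) but not reads, so a query of `Geo\Nation` is invisible there. A Procmon or ETW registry trace, or the sandbox's own API log, is needed to catch the lookup; in live environments the observable is usually the sample's subsequent behaviour (no second stage downloaded on a host whose country the loader excludes).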

MITRE ATT&CK Enterprise v15

Tasks