General
-
Target
9802bfe473af785aa10e169d5b158fb8f2b840e2e9f35e260461f3e3e29f0733.cmd
-
Size
5.7MB
-
Sample
241017-cf75lszdrm
-
MD5
b1ab5fb314f925da8eaa1b3a20d2b0ef
-
SHA1
df9ea2eade86b5fa44b8431884e6eb33dd5504d6
-
SHA256
9802bfe473af785aa10e169d5b158fb8f2b840e2e9f35e260461f3e3e29f0733
-
SHA512
e6bc5e7760cd011eb29bc93336bba62e37fd8d55f6e556feb835182034e6597605726a04dd2fea9d99840d92c6fbc2d704135fa9ff52c4e2b86a5db6677984fc
-
SSDEEP
49152:ZwK2BZTiuXlB6naHbioM2VXXATTZdVrcL5XpSu5z4AHpeqN4d9l8H2mZK/HBkEOp:Q
Static task
static1
Behavioral task
behavioral1
Sample
9802bfe473af785aa10e169d5b158fb8f2b840e2e9f35e260461f3e3e29f0733.cmd
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
9802bfe473af785aa10e169d5b158fb8f2b840e2e9f35e260461f3e3e29f0733.cmd
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
9802bfe473af785aa10e169d5b158fb8f2b840e2e9f35e260461f3e3e29f0733.cmd
-
Size
5.7MB
-
MD5
b1ab5fb314f925da8eaa1b3a20d2b0ef
-
SHA1
df9ea2eade86b5fa44b8431884e6eb33dd5504d6
-
SHA256
9802bfe473af785aa10e169d5b158fb8f2b840e2e9f35e260461f3e3e29f0733
-
SHA512
e6bc5e7760cd011eb29bc93336bba62e37fd8d55f6e556feb835182034e6597605726a04dd2fea9d99840d92c6fbc2d704135fa9ff52c4e2b86a5db6677984fc
-
SSDEEP
49152:ZwK2BZTiuXlB6naHbioM2VXXATTZdVrcL5XpSu5z4AHpeqN4d9l8H2mZK/HBkEOp:Q
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
7Credentials In Files
6Credentials in Registry
1