General

  • Target

    30102024_1558_x.exe

  • Size

    1.0MB

  • Sample

    241030-teym8awhnc

  • MD5

    b67d69965c95d0f1ffba93e43531429e

  • SHA1

    e2177031464a752896b84998404d644ec5282551

  • SHA256

    b117c283d763848b58241b0012fde63a571306946d9fa435949d98a8c9774161

  • SHA512

    76df3a575c29b1b015cd456ce305830cf4ad4d2e4877a069bc26f5fe143e64e8c55e28c84a5860f70fd6a1d105620ecd1ff16b5d6b725c81fcbc3f17dc6adae6

  • SSDEEP

    24576:ZVb5KPAdOzVmG3zd+SIDT8Jf3pbV13Jks:ZVhOhd+SI8t5X

Malware Config

Targets

    • Target

      30102024_1558_x.exe

    • Size

      1.0MB

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks