General

  • Target

    modengine.zip

  • Size

    17.6MB

  • Sample

    241107-z65thayfla

  • MD5

    724cf4870e4c5d9aacf8584de2b499de

  • SHA1

    b4ddd0879b129da7bf88fc48924f3f50d930fe3f

  • SHA256

    9731066773f29ff5bacec647b57fe156d1806ebab7b57800855dfeb32605cee0

  • SHA512

    62ae5424ce826c7d77bb6a1aa14fbb3e6c836348d56147c8bd5a8c8340d68573cdac066d366707339d4c89d3a04f3cb89ff2c0a69c4441b7b5d4131865093d60

  • SSDEEP

    393216:lQjQtSYDeyHAiJfWWS2XWKeopHHqha+51Hzn2d9oUSQg8e3:SMkYKyFfHStKeOHHqhayHznEbe3

Score
5/10

Malware Config

Targets

    • Target

      ModEngine/ModEngine.exe

    • Size

      16.3MB

    • MD5

      6cb78f5454ba0b54912ab8b33163e4e3

    • SHA1

      2cfac31fb1b5b35f1b6687cb116a7208d9a52099

    • SHA256

      ba230925c0d9dd73c6c4c9e2d93dd943e518da5c21686ae088e4ef28e48485fa

    • SHA512

      adecef143058f3f27e12c585e35228827f4cfbd521ff085014767fe7fc150be352ffaabc5612bb0e2541747a1e3d41adb07dd766ae5fffa12daa82028d59f7a8

    • SSDEEP

      393216:9R8+DA4w8tXUg4ypSk5Qk+UBTp1BlnEy0hPO:9m+MkXR4pWuU/1BlnEy0hPO

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

    • Target

      ModEngine/lua/dlls/DotNetInterface.dll

    • Size

      8KB

    • MD5

      5b12656d94b4bbb14c7c59d2c34c3c0b

    • SHA1

      b6ccc3bbd82456b83ee01c0b4f44b847b401f494

    • SHA256

      4eafac874d7a3e9d1ff72e1810d9b1828f0a99a429290d739246786fa7939e66

    • SHA512

      77c9fd0aa9f6f2e4a3109e85f6b2062e5fbd4ec8942dbcd62907742273c1dce691d0de1992d3e41d2ed54e38b3d98fee10af8b7b3d84220d88da4b1225c644a4

    • SSDEEP

      192:41OcJck67k4zua8M6hahFz/V49eTVTcl:gOcJck6747FhaV49ehTcl

    Score
    1/10
    • Target

      ModEngine/lua/dlls/MonoDataCollector32.dll

    • Size

      378KB

    • MD5

      36a5efb2e73e652216c58d7cf8402748

    • SHA1

      e40926beccd687add6e89c9cb45fef7e73f37ecd

    • SHA256

      484d2d7eeb49a538162467819b4262aeea1eb45dfea92796520f93e421ecf20d

    • SHA512

      2af5595b489428b5c5403cf2d9bd0845d877cc166b87f1640d729224e740f11141b2606332ffc2ac12d6da8bb5ed7d5636fc5683f5cdafbc8cdb19676ae00e46

    • SSDEEP

      6144:e0eMHxadZltCtCbvvO4WsD0gWZATaxLqvqzplT4rtwAOag494uZlo69YIT:e4xadXtCEbvvO4WsxsATasvUqrtwwg4l

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      ModEngine/lua/dlls/MonoDataCollector64.dll

    • Size

      505KB

    • MD5

      9f12c94f8b3d5c5c07d6e510ea10fe3a

    • SHA1

      42003013a194e13f2354183f69bfc77ebe1c8c36

    • SHA256

      93125bb74fcff6d7c00a8bf28858826badb62add244636296ecf87b5259d239d

    • SHA512

      58adcbab27e1e3a9c95c2011f1bd416626dec29ecf6c4bc8e3be189636713e30305dd87a584b26107613520797658af6ac6176263e96ff0f892176a651de8cd8

    • SSDEEP

      6144:J2IkI+FKFaLmXBKQ3syN8ROOK5lcsfM6/fjyJKfTqP4+R0XHyohfooWgY2efvn+T:clHEQQcyN8RYl6NAyop6gYnmi8D

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      ModEngine/lua/monoscript.lua

    • Size

      104KB

    • MD5

      cd5bb3f15cb7a9dad2dfcd90b58a8413

    • SHA1

      d223a680a89c5de611eb374f962e88df8b36b41a

    • SHA256

      61d8d8b8ea43a2651cec2295aa04805e9daf99e3d45890a0bc2c35ede46dcb27

    • SHA512

      22c7928041c045650c179a1529ec67b3bf0e47ab96289031592c1a4f19bcb322582695d40d0254859df6ec72ee0f3d0c7a5fc690adc62598d082b473c08afe4e

    • SSDEEP

      768:/smxQLPqWuiXL9eoiK8uthP/xoiEFLWiP8bTg1b3lDWIkCD+JwaS7CIta9HEPsuo:724aRTTwfo6FV23s8DN

    Score
    3/10
    • Target

      ModEngine/lua53-32.dll

    • Size

      439KB

    • MD5

      dde3f283f576c0469443f6a59adaca76

    • SHA1

      aef9a9b07f542eac0dd0012525d12a522bfdb877

    • SHA256

      7b4f832fdb72fa75a67c9e035f828de0057dbb5d3c4e9963a9fe596719af0cf9

    • SHA512

      d18f8344673a65678dc610ba60493b12b988741569f61e8abcfd80f69b44cdca8da09012c72f6d2476bab6fdd105d10d514a3655bef79cd897fa48e48337a9a0

    • SSDEEP

      12288:lBj8paX8fQ/T/md4OASZAOLRwRai6wXGn+hfc:lxLrLmd4OA4L8DXGnmc

    Score
    3/10
    • Target

      ModEngine/lua53-64.dll

    • Size

      515KB

    • MD5

      13100b2466570bf52c48725199c4e3c6

    • SHA1

      166cc1d388de4d292d4cd9331ef65ee3a158a31e

    • SHA256

      002dcb8ae68f51d54927b05e4726601640c6ddd6a063cc306640a7245b655f57

    • SHA512

      5e916722673d431417400836e9555148b433a4f9a15e06076ec3eb1c0ba986915c4f4d6940e7f88dcbb2f9599458e14d692bcaaa56dc1e2253005ab295d8589d

    • SSDEEP

      6144:7shVOadaiL9mUHQMpgL8LgpqClZNKX6SumisBEb/NUidzSky3uDMK/LXTMBQqN5I:TOL9J2L8E5VKKSuLGEhXGstCXoYkc7B6

    Score
    1/10
    • Target

      ModEngine/speedhack-i386.dll

    • Size

      189KB

    • MD5

      4acc9d3311fff9d1ac7697010b43f90b

    • SHA1

      6874d871367bb522c6c6c08b5234b87f1c3e1c69

    • SHA256

      2f77a5e845ee6838bfdc73005e748084a79e18ae0e2de4702224041cde78e0ba

    • SHA512

      b842da8bd37a7df85e9776eed956406cbf3b595e23748121170f57e906123ae3b70a561dc28669b19622ff33007830bd8b248b26526ff95a50ff1f897c92bc12

    • SSDEEP

      3072:ZNyaW1Pg7kFtOp8+vRha0DAyheYn13qaIhRFXOucMEx32zPzIy2G:ZNyal78m8+vRMEe4a4OEOb8G

    Score
    3/10
    • Target

      ModEngine/speedhack-x86_64.dll

    • Size

      245KB

    • MD5

      156249ce92b9a15d71c39160dc05b4a1

    • SHA1

      2c2a926456f2c1929fecbe33f9aaf7842d1961a1

    • SHA256

      3bd69d00774b40132bd621c09c11093f188f06d634db64a19a78c46a27388c8f

    • SHA512

      5229ca79ca70ecc4e0581bdf1e859a711ca47d4dc226de437dea58fd49a854e80b9368c4d216eb60b0d10b8fa75bb74ce37f8659c0aa59b436fb44570ebcb5d7

    • SSDEEP

      3072:5ViiO5Ea9m3XJusq4opSm7Im9SC2w/iKhF58jfq65bgusSVIRZOl0vDoD4CfOMst:5VZcWJusRPm7kCdKfkkASX/S

    Score
    1/10
    • Target

      ModEngine/sqlite.dll

    • Size

      1.3MB

    • MD5

      c11138204609ea63a3e88b4c8c09b035

    • SHA1

      b0829124f7e275b0f341c6af0fdd3dd5f65667a4

    • SHA256

      60c16c2fab14b344b8343778dcd6bbfdee3dfe5f83d1ac8d2e50c6877419eee4

    • SHA512

      28d9e92498433c1f6ec41893fc17db76d6cb7a1c565461eb6e67eebc2b924dd4aa65486c29874caa9ac5c78f804a8799c7ce1c641dd9f080bf1bf94b58ca208c

    • SSDEEP

      12288:aHnKY5WcmiyfogSknJbjhrbXBbrxaLsBDJbVQAjXwcasznMbDz43X6dmM:aqY5Wcmi4FJbXdsLsBNRQAjgH

    Score
    1/10
    • Target

      ModEngine/startModEngine.exe

    • Size

      1.3MB

    • MD5

      a36a3d178bf4af6a7805e0e7b1b8aff6

    • SHA1

      3e5d48269026ade587ea5e3111cc701542fd5029

    • SHA256

      65e30ef1e660ab1e0dadf73c94f6772d092292685dca10d69d848f816518d203

    • SHA512

      4830c8477c4ed4dd8fd15456178a3a411d951fd3152d89cf5c0116937283576e2bec41af8937c6366429d7feb16cbf1e808d7771d889df81cd4548299a4e4572

    • SSDEEP

      12288:7ia/nlf4cMRqOTEPN2ySosXWApDp0hUyp4qw:V/nlfBM1aN2a+pDp0Fhw

    Score
    5/10
    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory

    • Target

      ModEngine/vehdebug-i386.dll

    • Size

      293KB

    • MD5

      e427a09c9df940d8e642679a0742079c

    • SHA1

      d39d1d47edb20b666a2ffe59a1075639f3a47bde

    • SHA256

      9a7e39788bcaac1ea29898f4fdfdcb252785f70d551cf602ad87b77b9a64d6f0

    • SHA512

      76870d7482133bce6bf02dcccce46f438c0deb43daffcf440b2d6b7e8e507376c0e6aee262006ad0ec1964630b1c6f62ebfd6850815a24818a94ebdfed8e1382

    • SSDEEP

      6144:VMek30eIejllI8n1b7nBzwlt/VCWs4zzcwgsaH8E4U:1k30eIkllhxjSlHFzQwgsaHWU

    Score
    3/10
    • Target

      ModEngine/vehdebug-x86_64.dll

    • Size

      381KB

    • MD5

      fbaf0bf6e47e4026997be3c2f4eb5599

    • SHA1

      9f4ad4bb186c6c369d9ae36de798358d9b293eb0

    • SHA256

      29866065375542a19c52ff003da0f2a792d8e0816a52cf8d3e193dd4fe005d22

    • SHA512

      cdb25b8c5eacdb1b2b8e0a23a2381efef8d3a41989ec6ee9d1fbae8346a46650d6014191ee4edd6339b3d4ed02b11255e92ff899a748522a50c8baff8f447299

    • SSDEEP

      3072:0LJQH9j5058zzAKrQCKEIHJ8SS4TnC6ckW3plz9Mu0TVv7Wn2PPsml62TEuGFGLg:0LJQHTfDMCy5HFWsb6eelfQ/gMHCPS4

    Score
    1/10

MITRE ATT&CK Enterprise v15