General

  • Target

    c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11.exe

  • Size

    338KB

  • Sample

    241119-pfrh3s1jgq

  • MD5

    563dc5975e261789895fed97482b43ab

  • SHA1

    733c8ebc3b82a42ec9b5184ec70cc877760cfecb

  • SHA256

    c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11

  • SHA512

    05a59f4493856263afb09694b371bc38b12130acb15e57a44103a4d4d34c7ef00fb5f50010504ca48b0d5a29468696560f0446e85c5bc16ea0049d27020561a4

  • SSDEEP

    3072:bc3sBG7mXh7m/zZM3jAbNOM6CNtDCZFc/H:w3sBz0Z4Mj72Fg
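Before acting on any of the behaviour below, confirm that the file you pulled from a sharing platform is the one this report describes. The following is an added example (not part of the report or of any Triage tooling) that recomputes the four cryptographic digests listed above and diffs them against the report; the hash values are copied from the General section, everything else is illustrative.

```python
"""Confirm that a retrieved sample is the file this report describes by
recomputing every cryptographic digest the report lists."""
import hashlib
from pathlib import Path

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "563dc5975e261789895fed97482b43ab",
    "sha1": "733c8ebc3b82a42ec9b5184ec70cc877760cfecb",
    "sha256": "c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11",
    "sha512": "05a59f4493856263afb09694b371bc38b12130acb15e57a44103a4d4d34c7ef0"
              "0fb5f50010504ca48b0d5a29468696560f0446e85c5bc16ea0049d27020561a4",
}


def compute_hashes(data: bytes) -> dict:
    """Compute the same four digests the report publishes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def mismatches(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of digests that differ from the report; an empty list means the file matches."""
    actual = compute_hashes(data)
    return sorted(name for name, value in expected.items() if actual[name] != value.lower())


def check_sample(path) -> bool:
    """Read a file from disk, print a verdict, and return True only if every digest matches."""
    data = Path(path).read_bytes()
    bad = mismatches(data)
    if bad:
        print(f"{path}: MISMATCH on {', '.join(bad)} - not the reported sample")
        return False
    print(f"{path}: all digests match the report ({len(data)} bytes)")
    return True


if __name__ == "__main__":
    import sys
    sys.exit(0 if check_sample(sys.argv[1]) else 1)
```

The SSDEEP value is deliberately left out: fuzzy hashing is not in the Python standard library, so comparing against the report's ssdeep string needs the separate ssdeep (or pure-Python ppdeep) package, and a fuzzy match is a similarity score rather than the yes/no verdict the four digests give.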

Malware Config

Targets

    • Target

      c61bd926d17a408a738b79ed3761ac6dddc35fa5f50794a7a59e2eaaf8dc4b11.exe

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud services to fetch and run other malware families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Reads the country code configured in the registry, which is most likely a geofence check used to decide whether to run.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
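The signatures above are the kind of thing an analyst wants to be able to re-check independently. The following is an added example, not report or Triage code: a static test for the section names the stock UPX stub writes, and a small rule pass over an API trace that fires on the same three behaviours the report flags (Run-key persistence, a country-code lookup, and SetThreadContext used after a suspended CreateProcess plus WriteProcessMemory, the classic hollowing sequence). The trace lines are constructed and their format is an assumption; the registry path under Control Panel\International\Geo is assumed to be the location the "Checks computer location settings" signature refers to.

```python
"""Added triage checks mirroring the report's signatures: UPX section names in the
PE section table, and behavioural rules over a constructed API trace."""
import re
import struct

# Stock UPX names its sections UPX0/UPX1 (UPX2 when resources are kept). Modified
# builds often rename them, so a miss proves nothing; only a hit is a signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> IMAGE_FILE_HEADER -> section table; return the names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                 # first IMAGE_SECTION_HEADER (40 bytes each)
    return [data[table + i * 40: table + i * 40 + 8].rstrip(b"\0")
            for i in range(num_sections)]


def looks_upx_packed(data: bytes) -> bool:
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_minimal_pe(section_names) -> bytes:
    """Constructed header-only PE (no optional header, no code) to exercise the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + table


RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
GEO_KEY = re.compile(r"Control Panel\\International\\Geo\b", re.IGNORECASE)  # assumed geofence key

# Constructed trace, one API call per line as "<api>(<args>)"; not real sandbox output.
SAMPLE_TRACE = [
    'CreateProcessW("C:\\Windows\\SysWOW64\\svchost.exe", CREATE_SUSPENDED)',
    'WriteProcessMemory(hProcess=0x1a4, 0x00400000, 0x2e000)',
    'SetThreadContext(hThread=0x1a8)',
    'ResumeThread(hThread=0x1a8)',
    'RegOpenKeyExW(HKEY_CURRENT_USER, "Control Panel\\International\\Geo")',
    'RegQueryValueExW(hKey=0x2c0, "Nation")',
    'RegSetValueExW(HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run, "Upd", "C:\\Users\\Public\\svc.exe")',
]


def evaluate_trace(lines):
    """Return (signature, line) pairs. SetThreadContext fires only once a suspended
    child has been created and written to, so a lone call does not match."""
    hits, suspended_child, wrote_child = [], False, False
    for ln in lines:
        api = ln.split("(", 1)[0]
        if api.startswith("CreateProcess") and "CREATE_SUSPENDED" in ln:
            suspended_child = True
        elif api == "WriteProcessMemory" and suspended_child:
            wrote_child = True
        elif api == "SetThreadContext" and wrote_child:
            hits.append(("Suspicious use of SetThreadContext", ln))
        elif api.startswith(("RegOpenKeyEx", "RegQueryValueEx")) and GEO_KEY.search(ln):
            hits.append(("Checks computer location settings", ln))
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(ln):
            hits.append(("Adds Run key to start application", ln))
    return hits


if __name__ == "__main__":
    print("UPX section names present:",
          looks_upx_packed(build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])))
    for sig, line in evaluate_trace(SAMPLE_TRACE):
        print(sig, "<-", line)
```

The static check is intentionally narrow: a sample repacked with a renamed-section UPX build passes it, which is exactly why the report also tags the behaviour rather than relying on the packer signature alone.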

MITRE ATT&CK Enterprise v15

Tasks