General

  • Target: USD470900_COPY_800BLHSBC882001.PDF.tar.gz
  • Size: 1002KB
  • Sample: 241119-rpqdgsxgkq
  • MD5: 8d2ef1e5832c1347adbce77da23dd85b
  • SHA1: cd2d2fd4445567a6acc7ba0d5e88e9a12c1283f7
  • SHA256: 5d8e6414c7ee9bf8b314ceb9b2947743d97f5ca6eea088386d9d0dbe2c8c04bf
  • SHA512: d8f9814e445a18b5b03fb3931fee5146f05fc8933fabc8e552dadf59b03874079b416f7f9398b65f6942aad4c2a3c46f559f0838f1425d5606aef587b1a9fd50
  • SSDEEP: 24576:Mrecoibwo7v+znqvsjpy/3mK4MU5j/WCy+YxD+Ga:Mr1oCwYvGnuTPmFv0D+YxDQ

Malware Config

Targets

    • Target: USD470900_COPY_800BLHSBC882001.PDF.bat
    • Size: 3.2MB
    • MD5: c96743116088d21b52516f16f4866f69
    • SHA1: 9b9d500993f74ed975945419b6a25c03e80d8400
    • SHA256: 58348cc94b984ca026fa0a319b93ac988a394ed3d5ec39c01c47a8e762ebdb16
    • SHA512: 1a7520b8de10e9fb71f18f22287e298f25743a26ea946e71fb3b895bb8679f86986fe2b0ec30a0d7589cd85af404eca27d8ccf2a47f895f9c166c55660a8edd0
    • SSDEEP: 24576:PdLbg3tuCmhfOs2TLie3m0nKaf5ohA87eR4xGVPTXJF7wb2l+qCWuj8lzoQjJpcp:PR03turhfwL8uJFlEoNZHk

    • ModiLoader, DBatLoader
      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
    • Modiloader family
    • ModiLoader Second Stage
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses Microsoft Outlook accounts
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks