General

  • Target

    101595ccb9c84f03b395b7c44d9955a3478909f98ee597f31c30135647722419

  • Size

    90KB

  • Sample

    241122-yf8l2axmat

  • MD5

    718f54b861f63d41368742a197fd6d22

  • SHA1

    849cb5eb8086ff09bb71591c2fc9559a18c15dde

  • SHA256

    101595ccb9c84f03b395b7c44d9955a3478909f98ee597f31c30135647722419

  • SHA512

    7a5e31e5d6f97cbde906ae60b487e5a5c257904aa2f14f0d02e4b81b26ad07f3ddd26c900fdb12eb6f3861b3cf8ed41bfcbdbf70999d48426b829dee26d40f3b

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDV:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H

Malware Config

Targets

    • Target

      101595ccb9c84f03b395b7c44d9955a3478909f98ee597f31c30135647722419

    • Size

      90KB

    • MD5

      718f54b861f63d41368742a197fd6d22

    • SHA1

      849cb5eb8086ff09bb71591c2fc9559a18c15dde

    • SHA256

      101595ccb9c84f03b395b7c44d9955a3478909f98ee597f31c30135647722419

    • SHA512

      7a5e31e5d6f97cbde906ae60b487e5a5c257904aa2f14f0d02e4b81b26ad07f3ddd26c900fdb12eb6f3861b3cf8ed41bfcbdbf70999d48426b829dee26d40f3b

    • SSDEEP

      1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDV:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3H

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses cloud file-hosting services to fetch and execute other malware families as its second stage.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence, so the payload may not detonate in a sandbox whose locale is outside the targeted region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is a common step in process hollowing and similar injection, where the entry point of a suspended process is redirected to injected code.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer (modified builds often rename the UPX0/UPX1 sections, so high section entropy is the more reliable tell).
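The two checks an analyst usually runs on a downloaded copy of this sample before opening it in a sandbox are (a) confirm the file matches the digests the report publishes and (b) confirm the UPX verdict from the section table and byte entropy. The script below is an added example and is not code from the sandbox or its vendor; the hash values are the ones listed in the General section, and the minimal PE it builds for demonstration is a constructed, non-executable skeleton used only to exercise the parser.

```python
"""Offline triage helpers: verify a sample's digests against the report's
published values and check its PE section table for UPX packing.
Added example; not code from the sandbox or its vendor."""
import hashlib
import math
import struct

# Digests published in the General section of this report.
REPORT_HASHES = {
    "md5": "718f54b861f63d41368742a197fd6d22",
    "sha1": "849cb5eb8086ff09bb71591c2fc9559a18c15dde",
    "sha256": "101595ccb9c84f03b395b7c44d9955a3478909f98ee597f31c30135647722419",
    "sha512": "7a5e31e5d6f97cbde906ae60b487e5a5c257904aa2f14f0d02e4b81b26ad07f3"
              "ddd26c900fdb12eb6f3861b3cf8ed41bfcbdbf70999d48426b829dee26d40f3b",
}

# Section names the stock UPX packer writes; a modified build may rename them,
# which is why entropy is reported alongside.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex md5/sha1/sha256/sha512 of the bytes."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Compare computed digests with expected ones.
    Returns {algo: (expected, actual)} for every mismatch; empty means all match."""
    actual = compute_hashes(data)
    return {algo: (exp.lower(), actual[algo])
            for algo, exp in expected.items() if actual[algo] != exp.lower()}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_section_names(data: bytes) -> list:
    """Walk the MZ/PE headers and return the names from the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt             # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def triage(data: bytes, expected_hashes: dict = REPORT_HASHES) -> dict:
    """Run both checks and return a summary the analyst can act on."""
    sections = pe_section_names(data)
    return {
        "hash_mismatches": verify_hashes(data, expected_hashes),
        "sections": sections,
        "upx_sections": sorted(UPX_SECTION_NAMES.intersection(sections)),
        "entropy": round(shannon_entropy(data), 3),
    }


def build_minimal_pe(section_names: list) -> bytes:
    """Constructed test input: a bare MZ/PE skeleton with an empty optional header
    and the given section names. Not executable; it only exercises the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    # Real use: triage(open("sample.bin", "rb").read()); a constructed PE stands in here.
    print(triage(build_minimal_pe(["UPX0", "UPX1", ".rsrc"])))
```

Run `triage()` on the real file and expect an empty `hash_mismatches` dict before trusting that the report describes the file you hold; any mismatch means you are looking at a different build. A non-empty `upx_sections` list confirms stock UPX, while an empty list with entropy above roughly 7 is consistent with the "modified UPX" case the signature describes and is worth a manual look at the section table.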

MITRE ATT&CK Enterprise v15

Tasks