General
-
Target
2da5308997bc625d6444a850a3227d70b5539ce0c643bf753eba467a9a5ceda9.exe
-
Size
275KB
-
Sample
241126-d39gmaypap
-
MD5
21b8a92ea40f126600c1affbfa9f4d76
-
SHA1
55d9a35f590782da2dc0d44bcbe2992d6c824e82
-
SHA256
2da5308997bc625d6444a850a3227d70b5539ce0c643bf753eba467a9a5ceda9
-
SHA512
ffdebb4e709e5b733ea9f6af5fbbe006f96fbd702bb4a61ff078b6a5b8adb6fb3a769aa533a46ca1bd2c30d707592abb98e8e3db9e0fd7476995584dd1604f90
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBOc53HpcCJJvHk:Zr7xS2Vp6FwTHbJJvHk
Malware Config
Targets
-
-
Target
2da5308997bc625d6444a850a3227d70b5539ce0c643bf753eba467a9a5ceda9.exe
-
Size
275KB
-
MD5
21b8a92ea40f126600c1affbfa9f4d76
-
SHA1
55d9a35f590782da2dc0d44bcbe2992d6c824e82
-
SHA256
2da5308997bc625d6444a850a3227d70b5539ce0c643bf753eba467a9a5ceda9
-
SHA512
ffdebb4e709e5b733ea9f6af5fbbe006f96fbd702bb4a61ff078b6a5b8adb6fb3a769aa533a46ca1bd2c30d707592abb98e8e3db9e0fd7476995584dd1604f90
-
SSDEEP
6144:KG377xS2Vp2CeiorXhwTBOc53HpcCJJvHk:Zr7xS2Vp6FwTHbJJvHk
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3