General
-
Target
059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5
-
Size
1.2MB
-
Sample
241127-twj66axlfm
-
MD5
dc614075998696b44ada8a2eed23fc03
-
SHA1
911b29ff40b13f6935568153f178867e10946311
-
SHA256
059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5
-
SHA512
abd7c8f466b5c856a1a0862180598fbf32b9854ec4c4d6529c0fc3b45f642f538b2e52a5ad27c913f164b74306240bf84082d2dd69c8998a233c7379b749646b
-
SSDEEP
24576:uPHhFG0TMHw0kEWIo7rVTR8XzSz4FMzDVW1SKCDH7:uPBZIMJTmjSmM3UxAH7
Malware Config
Targets
-
-
Target
059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5
-
Size
1.2MB
-
MD5
dc614075998696b44ada8a2eed23fc03
-
SHA1
911b29ff40b13f6935568153f178867e10946311
-
SHA256
059971ff3a7ed8438ae50f1ae60bc161e93c0b32f8a2b3c5a0e56bbfa05d9cd5
-
SHA512
abd7c8f466b5c856a1a0862180598fbf32b9854ec4c4d6529c0fc3b45f642f538b2e52a5ad27c913f164b74306240bf84082d2dd69c8998a233c7379b749646b
-
SSDEEP
24576:uPHhFG0TMHw0kEWIo7rVTR8XzSz4FMzDVW1SKCDH7:uPBZIMJTmjSmM3UxAH7
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2