General
- Target: 12122024_1453_x.exe
- Size: 1.1MB
- Sample: 241212-r9b2lazkdl
- MD5: 56f9b0f1c77116f27f527100ab5d8e49
- SHA1: 0b0c645cae7af33e778b39a41e8d71900ddf67b6
- SHA256: 6fe4c7d5e12571b9be82f42a4dcba7a225e756e9f043539a6278ef0f2c37b15e
- SHA512: d2249f1c0c05975d5edce264b6ff2a3fc4fd321c26f6205c89f3fa02b80c3ec4728b616599f5053bd82089807fa7599032a3aae6d3df3f7b010d32907e1953d0
- SSDEEP: 24576:8dpFqERcBuu6VPxCrlYVLD9bM62XTPUznK2fB/sJ41m:8kAO5YvbMBDPUzXfB
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: 12122024_1453_x.exe, Resource: win7-20240903-en)
- Behavioral task: behavioral2 (Sample: 12122024_1453_x.exe, Resource: win10v2004-20241007-en)
Malware Config
(none extracted)

Targets
- Target: 12122024_1453_x.exe
- Size: 1.1MB
- MD5: 56f9b0f1c77116f27f527100ab5d8e49
- SHA1: 0b0c645cae7af33e778b39a41e8d71900ddf67b6
- SHA256: 6fe4c7d5e12571b9be82f42a4dcba7a225e756e9f043539a6278ef0f2c37b15e
- SHA512: d2249f1c0c05975d5edce264b6ff2a3fc4fd321c26f6205c89f3fa02b80c3ec4728b616599f5053bd82089807fa7599032a3aae6d3df3f7b010d32907e1953d0
- SSDEEP: 24576:8dpFqERcBuu6VPxCrlYVLD9bM62XTPUznK2fB/sJ41m:8kAO5YvbMBDPUzXfB
Signatures
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Modiloader family
- ModiLoader Second Stage
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)