General

  • Target

    nicerose.exe

  • Size

    1.3MB

  • Sample

    241218-r4jjgstmbr

  • MD5

    ccdcd04a0ffde31366754018598eb02f

  • SHA1

    38492826e8febf5bd7da4f9d8a8379ec7044ca9a

  • SHA256

    63c77a3f6cfa94cbc6a4c0c1475f02520592e58d6a03e8553e77a85a3f03c32f

  • SHA512

    8059cf54a64b45598b39becb3ec02fdf4b5837e4dd84ac82d33334850d61d1b33df70da0a65857c33e9a0fe2dc3d405bdbf6fa7214ab68e471e2e0c0f7e31053

  • SSDEEP

    24576:TS1gzTBokW3THfYl7JTOs1r7FX2DOfqDrKfK8r/4mSwhONqR:TtTiq973f

Malware Config

Targets

    • Target

      nicerose.exe

    • Size

      1.3MB

    • MD5

      ccdcd04a0ffde31366754018598eb02f

    • SHA1

      38492826e8febf5bd7da4f9d8a8379ec7044ca9a

    • SHA256

      63c77a3f6cfa94cbc6a4c0c1475f02520592e58d6a03e8553e77a85a3f03c32f

    • SHA512

      8059cf54a64b45598b39becb3ec02fdf4b5837e4dd84ac82d33334850d61d1b33df70da0a65857c33e9a0fe2dc3d405bdbf6fa7214ab68e471e2e0c0f7e31053

    • SSDEEP

      24576:TS1gzTBokW3THfYl7JTOs1r7FX2DOfqDrKfK8r/4mSwhONqR:TtTiq973f

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks