General

  • Target

    692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4

  • Size

    90KB

  • Sample

    241218-x7m9qszmcn

  • MD5

    476bd55ebcfa028218c707b62905a586

  • SHA1

    f7f7239669b639b9e4c89ac3e94bbec76ca4014c

  • SHA256

    692cca772c1eeaad17f7b24ee947b76f3b343dd4c14c137bdc327d5a8145d6e4

  • SHA512

    1877d5998575d3f23ef61d4204d260eef4d64bdf5e2e5ca3d165fba5f6cc8113428a426e134d67c51d0c2cc1bf059202856bd48557462e497f26e6ed36f568ef

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDJ:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3z

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks