General

  • Target

    Delivery Confirmation Forms - Contact Form TS4047117 pdf.exe

  • Size

    1.3MB

  • Sample

    241219-hn8zrstlaz

  • MD5

    72ab2a99902ec6f67b0d4df67820328e

  • SHA1

    31477040c90aab506547fe4e4450e71b76e9345b

  • SHA256

    406044ba7e007830321b3669505774b9e282502ac958f0cd723e5106c33c4180

  • SHA512

    3ff78c68e71f0bc2788f4177d7a49ff5857a71ec42d5e70c786f9cdea3a4b8ed1563fe95beef7501c8b6c85e96e06b63f5e5399575163b50bb6404bdec025cce

  • SSDEEP

    24576:TS1gzTBokW3THfYl7JTOs1r7FX2DOfqDrKfK8r/4mSwhODqR:TtTiq973f

Malware Config

Targets

    • Target

      Delivery Confirmation Forms - Contact Form TS4047117 pdf.exe

    • Size

      1.3MB

    • MD5

      72ab2a99902ec6f67b0d4df67820328e

    • SHA1

      31477040c90aab506547fe4e4450e71b76e9345b

    • SHA256

      406044ba7e007830321b3669505774b9e282502ac958f0cd723e5106c33c4180

    • SHA512

      3ff78c68e71f0bc2788f4177d7a49ff5857a71ec42d5e70c786f9cdea3a4b8ed1563fe95beef7501c8b6c85e96e06b63f5e5399575163b50bb6404bdec025cce

    • SSDEEP

      24576:TS1gzTBokW3THfYl7JTOs1r7FX2DOfqDrKfK8r/4mSwhODqR:TtTiq973f

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks