General

  • Target

    cba2f888e4d9246e11708dd4cf62cc4eed645abd37ec7cda5ee278b76d21a377.exe

  • Size

    90KB

  • Sample

    241222-gbhflswlhm

  • MD5

    568191ff4d42f3b4e07c846000396d53

  • SHA1

    a00dcd3c927796699210b90f2b26b0994b176b28

  • SHA256

    cba2f888e4d9246e11708dd4cf62cc4eed645abd37ec7cda5ee278b76d21a377

  • SHA512

    62cb24feaa515846fcb03674b8b9cc6b86117d889c7dfc6431611681df3eb97d98080f6ab1adeaad779511150a10647830d66ba2d28f2730fd89663a09f85b04

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDM:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3K

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
