General

  • Target

    RTD20241038IIListedPartsAndQuotationRequestpdf.scr.exe

  • Size

    1.5MB

  • Sample

    241224-mkkvzsvpfq

  • MD5

    aaca1b72e0ac5dc118b0f981667e8179

  • SHA1

    162a85d0d2d6eec0fb05d043167bbd8451183735

  • SHA256

    8a63bbd795519e52538e95891f205d78a4ccc474c24e80d8efab364ad4ca2335

  • SHA512

    b066f98aa3ff546753e6ac2cc76918ab90b46859ecadb7b1940bf562edbb389383f2a09146b71863073c3434a408daf5fa93968603011d647ede2aa9c9e13426

  • SSDEEP

    24576:ybzkvy/WQ9JGhRg8MLr12geV421wu0L8UnE923HZshmMv6J:ybzgZh+HV21W8UE923HZrs6

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
