General
  Target: 7e3447e9bcd0e44cd2dc8364febe9f424b42c866e666b7e1eda5bf93eba2f796.exe
  Size:   109KB
  Sample: 250109-bekggs1mew
  MD5:    b28a3837045fa13d0dd5787daa4ee150
  SHA1:   5624f07e0ed35dab09e6d2bd8a57a90f72152c53
  SHA256: 7e3447e9bcd0e44cd2dc8364febe9f424b42c866e666b7e1eda5bf93eba2f796
  SHA512: bde7f13dd14074748e82022b09c47f27c40f3c1f19edbb00ff4a561442fd42a7bab3ca7df410f35594bd88068d61d5108b7b1dad54e9caa5fa6e5e918b440bef
  SSDEEP: 3072:Koy8j7VnNdrPHaSekwi+mW+2LCK+AMScout7:68jZ7rvaU3+mWr2K+3ScoS7
Behavioral tasks
  behavioral1: 7e3447e9bcd0e44cd2dc8364febe9f424b42c866e666b7e1eda5bf93eba2f796.exe, resource win7-20240903-en
  behavioral2: 7e3447e9bcd0e44cd2dc8364febe9f424b42c866e666b7e1eda5bf93eba2f796.exe, resource win10v2004-20241007-en
Malware Config
Targets
  Target: 7e3447e9bcd0e44cd2dc8364febe9f424b42c866e666b7e1eda5bf93eba2f796.exe
  Size:   109KB
  Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above
Score: 10/10
Family: ModiLoader (also tracked as DBatLoader)
ModiLoader is a Delphi-compiled loader that abuses legitimate cloud services to host and retrieve the malware families it delivers as a second stage.
Signatures
- Modiloader family
- ModiLoader Second Stage
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
  Abuse Elevation Control Mechanism, T1548 (1)
    Bypass User Account Control, T1548.002 (1)
  Boot or Logon Autostart Execution, T1547 (1)
    Registry Run Keys / Startup Folder, T1547.001 (1)
Defense Evasion
  Abuse Elevation Control Mechanism, T1548 (1)
    Bypass User Account Control, T1548.002 (1)
  Impair Defenses, T1562 (1)
    Disable or Modify Tools, T1562.001 (1)
  Modify Registry, T1112 (3)
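The signatures above (registry country-code lookup, Run-key persistence, self-deletion) and the Defense Evasion entries in the ATT&CK table describe behaviour an analyst would want to pick out of a sandbox API trace. The following is an added example written for this page; it is not sandbox output and not code from the sample. It runs a few rules over a constructed trace excerpt in an assumed "api|target|data" line format. The registry paths used (Control Panel\International\Geo, CurrentVersion\Run, the Windows Defender policy value DisableAntiSpyware) are the standard Windows locations and are assumptions for the example; the report does not list the exact keys or values this sample touched.

```python
"""Triage helper: flag trace lines matching behaviours listed in the sandbox report.

Added example for this page; not sandbox output and not code from the sample.
Input is a constructed API-trace excerpt, one call per line, "api|target|data".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed trace lines (made up for this example, not the sample's real trace).
SAMPLE_TRACE = """\
RegQueryValueExW|HKCU\\Control Panel\\International\\Geo\\Nation|
RegQueryValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Desktop|
RegSetValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update|C:\\Users\\Public\\Libraries\\update.pif
RegSetValueExW|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware|1
RegSetValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|2
DeleteFileW|C:\\Users\\Public\\Libraries\\sample.exe|
"""


@dataclass(frozen=True)
class Rule:
    name: str
    label: str                        # report signature name or ATT&CK technique
    api: re.Pattern
    target: re.Pattern
    data: Optional[re.Pattern] = None  # constraint on the written value, if any


@dataclass(frozen=True)
class Finding:
    rule: str
    label: str
    line: str


# Registry locations below are the standard Windows keys, assumed for this example;
# the report does not show which keys or values the sample actually touched.
RULES: Tuple[Rule, ...] = (
    Rule("geofence_check", "Checks computer location settings",
         re.compile(r"^RegQueryValueEx", re.I),
         re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    Rule("run_key_persistence", "T1547.001 Registry Run Keys / Startup Folder",
         re.compile(r"^RegSetValueEx", re.I),
         re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    Rule("defender_disable", "T1562.001 Disable or Modify Tools",
         re.compile(r"^RegSetValueEx", re.I),
         re.compile(r"\\Windows Defender\\Disable", re.I),
         re.compile(r"^1$")),          # only a write of 1 disables the feature
)


def parse_line(line: str) -> Tuple[str, str, str]:
    """Split 'api|target|data' into three fields; missing fields become ''."""
    parts = line.rstrip("\r\n").split("|", 2)
    while len(parts) < 3:
        parts.append("")
    return parts[0], parts[1], parts[2]


def scan(trace: str, image_path: str) -> List[Finding]:
    """Return one Finding per trace line that matches a rule or the self-delete check.

    Registry writes that are benign on their own (e.g. Explorer\\Advanced\\Hidden)
    are deliberately not flagged, so the generic 'Modify Registry' count in the
    report is not reproduced here.
    """
    findings: List[Finding] = []
    for raw in trace.splitlines():
        if not raw.strip():
            continue
        api, target, data = parse_line(raw)
        for rule in RULES:
            if not (rule.api.search(api) and rule.target.search(target)):
                continue
            if rule.data is not None and not rule.data.search(data):
                continue
            findings.append(Finding(rule.name, rule.label, raw))
        # "Deletes itself": a file delete whose target is the running image.
        if api.lower().startswith("deletefile") and target.lower() == image_path.lower():
            findings.append(Finding("self_delete", "Deletes itself", raw))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per label, the way the report's ATT&CK table counts signatures."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.label] = counts.get(f.label, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_TRACE, "C:\\Users\\Public\\Libraries\\sample.exe")
    for f in results:
        print(f"[{f.rule}] {f.label}: {f.line}")
    print(summarize(results))
```

The rules are deliberately narrow: a Defender policy write only counts when the value written is 1, and a DeleteFile call only counts as self-deletion when its target equals the process image, so ordinary cleanup of temporary files does not trip the check.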