General

  • Target

    765cff6cd68223c374e0d1b6ad9708740f8e8f431e4fb0576c1b6650ff5f72a5N.exe

  • Size

    90KB

  • Sample

    250116-ybcnssvrat

  • MD5

    02bf72f41b388a8ef53f3ad06dd89440

  • SHA1

    2db30c51d22ae0237b5a1b9ca0520512b50c0008

  • SHA256

    765cff6cd68223c374e0d1b6ad9708740f8e8f431e4fb0576c1b6650ff5f72a5

  • SHA512

    8069965b20bcc8f3b8a35b6e7f9cb643d12b2266b7a6a2066ff04f87373bccdf8ee393b47a7034bfc60dfdd2a011c6ee4644052c9d1c647d3d58f7e66113080b

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDd:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3b

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15