General

  • Target

    5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3

  • Size

    90KB

  • Sample

    250117-bj3hvsxlcy

  • MD5

    87335125fe46e04262f1b08fe076ba72

  • SHA1

    2b0185030eba09e1c2e7fb5e2ddfe82f13c0886b

  • SHA256

    5d2d22d1a9e875eb2f54e8a035dbc712fd71eae1f5c99e77de5cc05e035ffbf3

  • SHA512

    6d43af7a6b928b39cb16ddcd498bc4d3cbe7ea0da334e577ca61884b8db1da8bb603266a5030cd3bcac2435c98ffe85b302168d37eada964bef412c9e27c6c45

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDX:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Z

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
