General

  • Target

    810b4a26e9bd2190847c6d18847b21795af698db3b84e873076ace7378471d55N.exe

  • Size

    300KB

  • Sample

    250117-hd24gawmbq

  • MD5

    99e5c2b22d8b2145d9e4d30313271ef0

  • SHA1

    6ad1cd05ca8917c3c29c89c6acb7d7689a701a53

  • SHA256

    810b4a26e9bd2190847c6d18847b21795af698db3b84e873076ace7378471d55

  • SHA512

    7987554f55c8f063087ffcdfba9d5fe876e833496213047d592518e20878acf3310a183496628794c000d3e81bca2839eaa52982e75a161ad13bfd9bf80f782c

  • SSDEEP

    3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38G1:UsxD5cwohO+O1sVG0/pZ6iPC8v

Malware Config

Targets

    • Target

      810b4a26e9bd2190847c6d18847b21795af698db3b84e873076ace7378471d55N.exe

    • Size

      300KB

    • MD5

      99e5c2b22d8b2145d9e4d30313271ef0

    • SHA1

      6ad1cd05ca8917c3c29c89c6acb7d7689a701a53

    • SHA256

      810b4a26e9bd2190847c6d18847b21795af698db3b84e873076ace7378471d55

    • SHA512

      7987554f55c8f063087ffcdfba9d5fe876e833496213047d592518e20878acf3310a183496628794c000d3e81bca2839eaa52982e75a161ad13bfd9bf80f782c

    • SSDEEP

      3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38G1:UsxD5cwohO+O1sVG0/pZ6iPC8v

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks
