General

  • Target

    0f7e5c8468382eb80bd866fbe772653d.exe

  • Size

    1.7MB

  • Sample

    250330-wlej2awkz6

  • MD5

    0f7e5c8468382eb80bd866fbe772653d

  • SHA1

    aee49bfa1bccbdd7b89952b3a6bb70ca60e5881a

  • SHA256

    3703d60a9d97907ecc862ff941200970d920aad2f6cac7674ae9fe6dfc43c24f

  • SHA512

    9dec1592626cd54bd5f37562b3fa227c531464ba6d70ba9fc4c2d2d88d1ab5c3c47518cb4eb1995d013b2722a7b486a08ec6f3f512e4db388f80de495c65f234

  • SSDEEP

    24576:RMu29SclxV3SzHlPsHguSIxR/mx43tE0JVV8ChpflryJnEIVA6mztFvDgIF:R+z3SmAuT3tfJ/80OJLWtFvDpF

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15