Overview

overview

10

Static

static

Setup.exe

windows7_x64

10

Setup.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe

  • Size

    1.2MB

  • Sample

    201121-nw5mf7dqhe

  • MD5

    a65bb98a725359c25ea677337e7bc782

  • SHA1

    e54df92418e386aa897e90ef7c635522de974ac5

  • SHA256

    2caacde56329c3cb26c041d2535a5121d02fc195193f4046aabec42d61655d68

  • SHA512

    795c85440ec8de558837e564e56b13c1976d8e27e004e829d532e61839aae73ae7e9d012a2f49a22dbd7de1d84585b8eb54e9f48561ae0dba30c668511e7407c

Score
10/10
modiloaderbootkitpersistencespywaretrojan

Malware Config

Targets

    • Target

      Setup.exe

    • Size

      1.2MB

    • MD5

      a65bb98a725359c25ea677337e7bc782

    • SHA1

      e54df92418e386aa897e90ef7c635522de974ac5

    • SHA256

      2caacde56329c3cb26c041d2535a5121d02fc195193f4046aabec42d61655d68

    • SHA512

      795c85440ec8de558837e564e56b13c1976d8e27e004e829d532e61839aae73ae7e9d012a2f49a22dbd7de1d84585b8eb54e9f48561ae0dba30c668511e7407c

    Score
    10/10
    modiloaderbootkitpersistencespywaretrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks