Overview

overview

10

Static

static

8

USD_ Payme...le.xls

windows7_x64

10

USD_ Payme...le.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    USD_ Payment Schedule.xls

  • Size

    330KB

  • Sample

    210122-r9jf25hj96

  • MD5

    9f32ff59ea65adff3fa4350db7db6534

  • SHA1

    fa29ea0f3c997ef85c9fbd0a3f27d57344f15dd1

  • SHA256

    03cf03d1cb4fa502ef1992e2aad3f1f7f0d7fbf1f16839d87eaa04f330211bbe

  • SHA512

    062ce1a27b51714fb9f8273a67e117dca1c61665d3eb43ffcd619a6c294e4ba8fc997c70b087d66d053cf743d1715f6c562859e3d84e72283920acff76cd8aad

Score
10/10
modiloadermacromacro_on_actionransomwaretrojanxlm

Malware Config

Targets

    • Target

      USD_ Payment Schedule.xls

    • Size

      330KB

    • MD5

      9f32ff59ea65adff3fa4350db7db6534

    • SHA1

      fa29ea0f3c997ef85c9fbd0a3f27d57344f15dd1

    • SHA256

      03cf03d1cb4fa502ef1992e2aad3f1f7f0d7fbf1f16839d87eaa04f330211bbe

    • SHA512

      062ce1a27b51714fb9f8273a67e117dca1c61665d3eb43ffcd619a6c294e4ba8fc997c70b087d66d053cf743d1715f6c562859e3d84e72283920acff76cd8aad

    Score
    10/10
    modiloaderransomwaretrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks