Overview

overview

10

Static

static

aed29e23f0...48.exe

windows7_x64

10

aed29e23f0...48.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aed29e23f01dab295f973ee35bf42248.exe

  • Size

    6.2MB

  • Sample

    210319-plxkxv1y2j

  • MD5

    aed29e23f01dab295f973ee35bf42248

  • SHA1

    94a3eccc392cb47d7bc6dd3bf8fd0bf103018e0f

  • SHA256

    a1b2f18b48cbae1df244f074c9a7f1ccfd369aeb981c6a4964b36d5d9e0c487c

  • SHA512

    1b0ed0797b2e58db3ef5a6318ec7252529b935167cdfd13dc25f59bdc69143d953a1a1e0c4cfd97b89bf2a6b7dd9f2636cfe58835323af545235c192f11f147c

Score
10/10
modiloaderbootkitpersistencetrojan

Malware Config

Targets

    • Target

      aed29e23f01dab295f973ee35bf42248.exe

    • Size

      6.2MB

    • MD5

      aed29e23f01dab295f973ee35bf42248

    • SHA1

      94a3eccc392cb47d7bc6dd3bf8fd0bf103018e0f

    • SHA256

      a1b2f18b48cbae1df244f074c9a7f1ccfd369aeb981c6a4964b36d5d9e0c487c

    • SHA512

      1b0ed0797b2e58db3ef5a6318ec7252529b935167cdfd13dc25f59bdc69143d953a1a1e0c4cfd97b89bf2a6b7dd9f2636cfe58835323af545235c192f11f147c

    Score
    10/10
    modiloaderbootkitpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks