Overview

overview

10

Static

static

b305d95fa8...e0.exe

windows7_x64

10

b305d95fa8...e0.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b305d95fa833495eca1fa9ab824a25e0.exe

  • Size

    5.2MB

  • Sample

    210322-ms5tamgfws

  • MD5

    b305d95fa833495eca1fa9ab824a25e0

  • SHA1

    18a87991e98013678713cf231f37787ab0c87512

  • SHA256

    4d71bbe32ad8828d3ed66fb0ea352086181390391bab0960298fad620b61eee7

  • SHA512

    51ac574dd06ae8d267f400005b1c698fd2c3f1a50dc27afcc554bf7e836046f0fea6808f8e4cc4ebc827530bdbe6bc3cd949c27672e7770070e3aafdaa42110f

Score
10/10
modiloaderbootkitpersistencetrojan

Malware Config

Targets

    • Target

      b305d95fa833495eca1fa9ab824a25e0.exe

    • Size

      5.2MB

    • MD5

      b305d95fa833495eca1fa9ab824a25e0

    • SHA1

      18a87991e98013678713cf231f37787ab0c87512

    • SHA256

      4d71bbe32ad8828d3ed66fb0ea352086181390391bab0960298fad620b61eee7

    • SHA512

      51ac574dd06ae8d267f400005b1c698fd2c3f1a50dc27afcc554bf7e836046f0fea6808f8e4cc4ebc827530bdbe6bc3cd949c27672e7770070e3aafdaa42110f

    Score
    10/10
    modiloaderbootkitpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks