General

  • Target

    DHL_45678.exe

  • Size

    680KB

  • Sample

    210514-lgxew66ejs

  • MD5

    f6ca1b224a24f24e3711cb9c7d5116e6

  • SHA1

    0df6caa2522747881e0b7f727ea8fd8bdfc6ea38

  • SHA256

    021490096d2120ed8c0802cb40e95a2501c83c5fde854071122c4e47c4ae370f

  • SHA512

    4853b2b5994ab21063e3d9cfb58400911bad4247ad51b170969615cb8355ea4246d3e69c30317df519b1063da289d734934fc7ff664b8269552ac51bdca0b5ef

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ParallaxRat

      ParallaxRat is a multipurpose RAT written in MASM.

    • ParallaxRat payload

      Detects the payload of Parallax RAT, a small portable RAT usually digitally signed with a Sectigo certificate.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks