Overview

overview

10

Static

static

926a1d29e9...7c.exe

windows7_x64

10

926a1d29e9...7c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c

  • Size

    1.0MB

  • Sample

    220420-ewg98sahe5

  • MD5

    accf119512ef395778488003900d8226

  • SHA1

    ba0eff961e9e43ac35a837dd43fcbab2a554d04b

  • SHA256

    926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c

  • SHA512

    f9fca6f256884a2544fe1f580c6656296c424bf6947acf8c91235d33571e749f8857683917d2196728b9a5bff7817c39926368c26bdc2aaa40cdaab167bb7005

Score
10/10
modiloaderpersistencetrojan

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/734633826718056471/771632517647695902/Rebxeee

Targets

    • Target

      926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c

    • Size

      1.0MB

    • MD5

      accf119512ef395778488003900d8226

    • SHA1

      ba0eff961e9e43ac35a837dd43fcbab2a554d04b

    • SHA256

      926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c

    • SHA512

      f9fca6f256884a2544fe1f580c6656296c424bf6947acf8c91235d33571e749f8857683917d2196728b9a5bff7817c39926368c26bdc2aaa40cdaab167bb7005

    Score
    10/10
    modiloadertrojanpersistence

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks