Overview

overview

10

Static

static

?? ???????...??.exe

windows7_x64

10

?? ???????...??.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c55b403bdd131a5c019ba86569b55aff210396f7ea9bef4496e183524fbda4b6

  • Size

    1.1MB

  • Sample

    220521-xend2aehcl

  • MD5

    811a872cfb0d0214df4d6b79043a4c66

  • SHA1

    3f3dc49706cd1bc8664e55ad7806b1503fde4805

  • SHA256

    c55b403bdd131a5c019ba86569b55aff210396f7ea9bef4496e183524fbda4b6

  • SHA512

    a57297f5f4ea20c5042af26d2feff67eadb2f7c0f384a3628692a4c93b551e8c18aaf8b5bf6a1f7c638ced6e76fcc1980773029595a485bb1651e12e32f225c7

Score
10/10
modiloadertrojan

Malware Config

Targets

    • Target

      ?? ????????? Proforma ?????????????.exe

    • Size

      1.7MB

    • MD5

      d9169d17075bb755958f2ce58d8adc72

    • SHA1

      0cdce4e32588aa24117ab4aacbe2d13be9f9d069

    • SHA256

      3c758c3133fb2a7c7c51b2ec84028759bc99e1f3ca3bc22c1046d90f79801f76

    • SHA512

      2a5a14d9e9f784f284b2d1bdbb31831f01ef7aac749e445fe8498737da37b21695a6d0197839d57d85b8cb84939c011f38651c01d3261bf041df976621a54e11

    Score
    10/10
    modiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks