Overview

overview

10

Static

static

INVOICES.exe

windows7-x64

1

INVOICES.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVOICES.exe

  • Size

    996KB

  • Sample

    220803-1jq79sffg3

  • MD5

    edfc6e2add36e49c8c9e010db0eb0632

  • SHA1

    69697675cdc6d2c26db0709339bfd8f42044e7b6

  • SHA256

    86871dd03f2da6c6de34710060ddc726fae5907f1f48d37c26d23f4d3d3f9bb8

  • SHA512

    61dd86fe6c09ecb2e8e107a0aa6f93d0d44334f873c3fb4b842be5e4da26e72ad53cc65c202fe9aca0ef540021ed4ddbe4f3fa9030886d835ff6ad74c894cac6

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      INVOICES.exe

    • Size

      996KB

    • MD5

      edfc6e2add36e49c8c9e010db0eb0632

    • SHA1

      69697675cdc6d2c26db0709339bfd8f42044e7b6

    • SHA256

      86871dd03f2da6c6de34710060ddc726fae5907f1f48d37c26d23f4d3d3f9bb8

    • SHA512

      61dd86fe6c09ecb2e8e107a0aa6f93d0d44334f873c3fb4b842be5e4da26e72ad53cc65c202fe9aca0ef540021ed4ddbe4f3fa9030886d835ff6ad74c894cac6

    Score
    10/10
    modiloaderpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks