Overview

overview

10

Static

static

dad6fc3e29...2c.exe

windows7-x64

10

dad6fc3e29...2c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dad6fc3e297a8fcb86f38ffb94b8d52c.exe

  • Size

    715KB

  • Sample

    220809-vf811sdcgn

  • MD5

    dad6fc3e297a8fcb86f38ffb94b8d52c

  • SHA1

    a1a86c595cf0a42dfa31badefb797fa5eb80ab91

  • SHA256

    35cf771ddfdab8d8f18d4ee2b4841602be4bc77f9d952ecd5f9e870160cfe8f8

  • SHA512

    3173cf984a34b13e0c8a5e3b06f42fb0fd4eea2c52757f6f6dc89911cec240360bbf2b6ae054a247a034778879dd4f626da21d4987c7d383444670e7fededbb8

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      dad6fc3e297a8fcb86f38ffb94b8d52c.exe

    • Size

      715KB

    • MD5

      dad6fc3e297a8fcb86f38ffb94b8d52c

    • SHA1

      a1a86c595cf0a42dfa31badefb797fa5eb80ab91

    • SHA256

      35cf771ddfdab8d8f18d4ee2b4841602be4bc77f9d952ecd5f9e870160cfe8f8

    • SHA512

      3173cf984a34b13e0c8a5e3b06f42fb0fd4eea2c52757f6f6dc89911cec240360bbf2b6ae054a247a034778879dd4f626da21d4987c7d383444670e7fededbb8

    Score
    10/10
    modiloaderpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks