Overview

overview

10

Static

static

10

c6d1d404f6...89.exe

windows7-x64

10

c6d1d404f6...89.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    c6d1d404f60c978c3c07ac2b89eb1bdc01f5cf27320509be6b1cca59352d3a89

  • Size

    4.1MB

  • Sample

    220919-hf269agfcp

  • MD5

    3d0dd074827b37507d8f9ac120dc53e3

  • SHA1

    7d19aaf0318356f4908ed8fdd65c2a2dc88ca38e

  • SHA256

    c6d1d404f60c978c3c07ac2b89eb1bdc01f5cf27320509be6b1cca59352d3a89

  • SHA512

    f3acaefe3c00f5c6bcca2796c8e51f14d406d4a5870b14d5e0e41e4420678c375784a32dd6b4756163f1e8a694de8d2f3b1059ea078c9c0807154b8fe6a657e4

  • SSDEEP

    12288:E6/LxTlf7xYNF706i7HeSw10yDhe9X7LyrC4z:E6zxTlTk72yDWX7Lkz

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      c6d1d404f60c978c3c07ac2b89eb1bdc01f5cf27320509be6b1cca59352d3a89

    • Size

      4.1MB

    • MD5

      3d0dd074827b37507d8f9ac120dc53e3

    • SHA1

      7d19aaf0318356f4908ed8fdd65c2a2dc88ca38e

    • SHA256

      c6d1d404f60c978c3c07ac2b89eb1bdc01f5cf27320509be6b1cca59352d3a89

    • SHA512

      f3acaefe3c00f5c6bcca2796c8e51f14d406d4a5870b14d5e0e41e4420678c375784a32dd6b4756163f1e8a694de8d2f3b1059ea078c9c0807154b8fe6a657e4

    • SSDEEP

      12288:E6/LxTlf7xYNF706i7HeSw10yDhe9X7LyrC4z:E6zxTlTk72yDWX7Lkz

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks