General

  • Target: 0d79f2cfe389511d4c45f1fe85c92c5c94e6a699c348e72d36096bee016b777c
  • Size: 510KB
  • Sample: 221011-r12wnaabc8
  • MD5: 6a527509124125bed8c6ae6dba165902
  • SHA1: 5ab1f9820c5d95dc6973b16ed1cee580a86ee449
  • SHA256: 0d79f2cfe389511d4c45f1fe85c92c5c94e6a699c348e72d36096bee016b777c
  • SHA512: b76ab77a7b0dec818268677e0ebb1cda8e15c8b7619efead295dd979142a711e74eeda7b3aa841288c188ce48d81af96c13321c8764720bb379a8fd90281e4e8
  • SSDEEP: 12288:qujL7K6wQiurgzw6wVzxzz7MagBqNVWQ+RQhzkyu:qujmQiurgz0zxzvgI/WQ+RQdkyu

Score: 10/10

Malware Config

Targets

    • ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
    • Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
    • ModiLoader Second Stage
    • Checks computer location settings: Looks up the country code configured in the registry, likely used for geofencing.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks