General

  • Target

    4d3eb4d42968c8f379df619ee7816f99b41223aaa424d06d4fa18cce2f9856bd

  • Size

    626KB

  • Sample

    221020-h7whsabccp

  • MD5

    59ae91cd6b1130f5ae2ef8428c549ab0

  • SHA1

    75a4239f016cba03828067986dea8b20daad3435

  • SHA256

    4d3eb4d42968c8f379df619ee7816f99b41223aaa424d06d4fa18cce2f9856bd

  • SHA512

    6205b2a0269611335ed841c6c6b44096572b73ce594eaab5aaa8d45efde1d5fcd3e88f9fabd36a802b642c11a8d97cd5fe037e6406574f5ee4b45e523b6c735f

  • SSDEEP

    12288:GV/DzYfdgBisFdZQ1nU7htF3Z4mxxG2c8Wo5vArF5B:GVbkfdgB1knshtQmXnnp5vAr9

Malware Config

Targets

    • Target

      4d3eb4d42968c8f379df619ee7816f99b41223aaa424d06d4fa18cce2f9856bd


    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud file-hosting services to fetch and run additional malware families.

    • ModiLoader Second Stage

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
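The following Python is an added example, not part of the Triage report and not code from the ModiLoader or ASPack signature authors. It does two things an analyst typically wants before trusting a report against a file on disk: it recomputes the MD5/SHA1/SHA256/SHA512 values and compares them with the hashes published above (so the file being analysed is actually the reported sample), and it walks the PE section table with the standard library only to look for the section names ASPack is documented to write (`.aspack`, `.adata`). Using those section names as a cheap local cross-check of the "ASPack v2.12-2.42" signature is an assumption of this example; a packer can rename sections. The sample itself is not embedded, so the fixture used below is a constructed minimal PE header, not a real binary.

```python
import hashlib
import struct
import sys

# Hash values taken from the report above. The sample is not embedded here.
REPORTED_HASHES = {
    "md5": "59ae91cd6b1130f5ae2ef8428c549ab0",
    "sha1": "75a4239f016cba03828067986dea8b20daad3435",
    "sha256": "4d3eb4d42968c8f379df619ee7816f99b41223aaa424d06d4fa18cce2f9856bd",
}

# Section names ASPack is documented to add to packed files.
# Assumption of this example: a renamed section would evade this check.
ASPACK_SECTION_NAMES = {b".aspack", b".adata"}


def file_hashes(data: bytes) -> dict:
    """Return the same hash set the report lists (ssdeep omitted: not in the stdlib)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every hash in `reported` equals the value computed from `data`."""
    computed = file_hashes(data)
    return all(computed.get(k) == v.lower() for k, v in reported.items())


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table (stdlib only); raise ValueError on malformed headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + size_opt             # section table follows the optional header
    names = []
    for i in range(num_sections):
        hdr = data[first + i * 40:first + (i + 1) * 40]
        if len(hdr) < 40:
            raise ValueError("section table truncated")
        names.append(hdr[:8].rstrip(b"\0"))  # IMAGE_SECTION_HEADER.Name is 8 bytes, NUL padded
    return names


def looks_aspack_packed(data: bytes) -> bool:
    """Heuristic cross-check for the ASPack signature based on section names."""
    return any(name in ASPACK_SECTION_NAMES for name in pe_section_names(data))


def build_min_pe(section_names) -> bytes:
    """Constructed test fixture: DOS stub, PE signature, COFF header, empty section headers.
    SizeOfOptionalHeader is 0, so the section table follows the COFF header directly."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-file>
    blob = open(sys.argv[1], "rb").read()
    print("hashes match report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("ASPack section names present:", looks_aspack_packed(blob))
```

Run it against the file before opening it in a debugger or sandbox: a hash mismatch means the file is not the sample this report describes, and the section check only corroborates the packer signature, it does not replace unpacking.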
