General

  • Target

    Trojan-Ransom.Win32.Blocker.hrft-3615f32cbdbaf020248a4cce6f67327dc796a9040a2e3ae8120c2efe96df7505

  • Size

    259KB

  • Sample

    221106-3qlmgaaecm

  • MD5

    7015429409c2fb70084ebe0d35b8d9ef

  • SHA1

    7c8702e3c0e2a1d8f1639f355568fb220c32f2d2

  • SHA256

    3615f32cbdbaf020248a4cce6f67327dc796a9040a2e3ae8120c2efe96df7505

  • SHA512

    9d31014d09c9c705b3fe3497aaa351a0f9abbc1ab5f0263f783cbdc185546c2534026e4dac0071f2e07f2e2c5a090f6bbd250f5522a3bc6435d6019d32188022

  • SSDEEP

    6144:MqgnMs7Lj/tMRJzyVBh2szneP5WzDIUkyHH7E0aj:FOMsHjO3yJ2szeP54cKtaj

Malware Config

Targets

    • Target

      Patch/Patch.exe

    • Size

      132KB

    • MD5

      92c47d3a0013fd2c1afe44806c7928e1

    • SHA1

      fb0a3a8c611da88a1343f1deb3b7daa20527e924

    • SHA256

      3d8c3c63612f5d27f8a4fca992b3a56a6af24033c390b0392e174a5cf7fe2364

    • SHA512

      94332c13ce21a15500992246e0da1317c7372d075ac7d0606e1fb5f95225ea5f2cbecc50a6b7c0cc84e1c807b152d47a0517e959ca55b49beed8838f6c319155

    • SSDEEP

      1536:KyADcqOQbB3fQc8Pfymg0yxpByxzRIt6HdzPesVyY6PbpMhCDmeohEt8T:HyVQtPfymg0sox9XUPbpWeURT

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks