Overview

overview

10

Static

static

Swift Paym...la.exe

windows7-x64

10

Swift Paym...la.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Payment Copy .xla.exe

  • Size

    793KB

  • Sample

    221123-lmma6afb7s

  • MD5

    1721e78ab207e52b366bf7a7723a656b

  • SHA1

    d2cbaf931dc21807ae5f3ac477810f7f537d444e

  • SHA256

    85465b3e86e0e4a460fcf28729773f52de6777db71890ead00e4bee867a3e3ec

  • SHA512

    c03920bed87494876f7683ae7081c8977b90165e0645fe5b410dff13be305a61e60fef698972019a57074d7c9a2aa4ca0cf2089f66c323e70aaff73ee1a60510

  • SSDEEP

    12288:VV2cbnbazcd5JluSVVvkYhrN+kZt+kXPqTdTB2O4rwSMpxwhxStY:V4cnOcd53uSVVJRskZQWq5oOqLM2xS+

Score
10/10
modiloadertrojan

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://onedrive.live.com/download?cid=E0CF7F9E6AAF27EF&resid=E0CF7F9E6AAF27EF%21815&authkey=AO1B_84jlgMTl9c

Targets

    • Target

      Swift Payment Copy .xla.exe

    • Size

      793KB

    • MD5

      1721e78ab207e52b366bf7a7723a656b

    • SHA1

      d2cbaf931dc21807ae5f3ac477810f7f537d444e

    • SHA256

      85465b3e86e0e4a460fcf28729773f52de6777db71890ead00e4bee867a3e3ec

    • SHA512

      c03920bed87494876f7683ae7081c8977b90165e0645fe5b410dff13be305a61e60fef698972019a57074d7c9a2aa4ca0cf2089f66c323e70aaff73ee1a60510

    • SSDEEP

      12288:VV2cbnbazcd5JluSVVvkYhrN+kZt+kXPqTdTB2O4rwSMpxwhxStY:V4cnOcd53uSVVJRskZQWq5oOqLM2xS+

    Score
    10/10
    modiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks