Overview

overview

10

Static

static

0e5f31e5e6...b3.exe

windows7-x64

10

0e5f31e5e6...b3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3

  • Size

    2.2MB

  • Sample

    221125-lqt56sgf75

  • MD5

    0f018f32f0af9c878fdbffa381005100

  • SHA1

    c8d8a423e635777fa5bc73b029414612a26869c7

  • SHA256

    0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3

  • SHA512

    f027d936554a245f21f7b10a374ff0442876ed277d0acb0e6af662b4c6c2269015a149943a95fb1dcce79ec4ebc5ba06b3cc8ae1d5c86ae079b77dd6573ad6cf

  • SSDEEP

    49152:HpMRn2NcS7PE5pkKDGKffsAwLkTYMeIEj:HpMR2NJCffsAwgTYMFEj

Score
10/10
modiloaderbootkitpersistencetrojan

Malware Config

Targets

    • Target

      0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3

    • Size

      2.2MB

    • MD5

      0f018f32f0af9c878fdbffa381005100

    • SHA1

      c8d8a423e635777fa5bc73b029414612a26869c7

    • SHA256

      0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3

    • SHA512

      f027d936554a245f21f7b10a374ff0442876ed277d0acb0e6af662b4c6c2269015a149943a95fb1dcce79ec4ebc5ba06b3cc8ae1d5c86ae079b77dd6573ad6cf

    • SSDEEP

      49152:HpMRn2NcS7PE5pkKDGKffsAwLkTYMeIEj:HpMR2NJCffsAwgTYMFEj

    Score
    10/10
    modiloaderbootkitpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks