Overview

overview

10

Static

static

3012f0534f...ad.exe

windows7-x64

10

3012f0534f...ad.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3012f0534f7547e858c6ece420cfc649bdc542edc713db5d0891a8e2821d4fad

  • Size

    152KB

  • Sample

    221125-x8wmhadc5x

  • MD5

    0b7d22692603f08c0241f7945cfc8140

  • SHA1

    affcb08e2123a68e2bb79bdc826b0c010e6faaf6

  • SHA256

    3012f0534f7547e858c6ece420cfc649bdc542edc713db5d0891a8e2821d4fad

  • SHA512

    eb4e5f9cd57ea8436f6d3a198079327ef3293d9e2a09d7bd395e491978976059d62fd9660285ebe22d2633260bfa43643f6d479eed43ca77b9dab27f83ac176c

  • SSDEEP

    1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      3012f0534f7547e858c6ece420cfc649bdc542edc713db5d0891a8e2821d4fad

    • Size

      152KB

    • MD5

      0b7d22692603f08c0241f7945cfc8140

    • SHA1

      affcb08e2123a68e2bb79bdc826b0c010e6faaf6

    • SHA256

      3012f0534f7547e858c6ece420cfc649bdc542edc713db5d0891a8e2821d4fad

    • SHA512

      eb4e5f9cd57ea8436f6d3a198079327ef3293d9e2a09d7bd395e491978976059d62fd9660285ebe22d2633260bfa43643f6d479eed43ca77b9dab27f83ac176c

    • SSDEEP

      1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks