Overview

overview

10

Static

static

90f7f6ef09...37.exe

windows7-x64

10

90f7f6ef09...37.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437

  • Size

    5.1MB

  • Sample

    221126-25rllafd9t

  • MD5

    0a87095e2b0129902b094d3e144e6deb

  • SHA1

    5f400b46f2876c92dcd7ce05ff2699946ce114bc

  • SHA256

    90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437

  • SHA512

    2316f53ecb3556c374c594525a75720a7adaa59889715631667e93105264ab30e5dd5b615eb3daaa33831c11476d4161145918d51067c115f221d5248ce756bd

  • SSDEEP

    98304:ouzeozbcNTNmwFRcXZhITW5ucNF61j7+W4cacDXu5ZYNuPjqc897tgtzlwwirkx:otozbozFq0S5Xw1/BscpCj94Gzlwxg

Score
10/10
modiloaderevasionpersistencetrojan

Malware Config

Targets

    • Target

      90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437

    • Size

      5.1MB

    • MD5

      0a87095e2b0129902b094d3e144e6deb

    • SHA1

      5f400b46f2876c92dcd7ce05ff2699946ce114bc

    • SHA256

      90f7f6ef0952e478b5281735f87a7e0116c2f620d0b45c6bd6230231d8ea1437

    • SHA512

      2316f53ecb3556c374c594525a75720a7adaa59889715631667e93105264ab30e5dd5b615eb3daaa33831c11476d4161145918d51067c115f221d5248ce756bd

    • SSDEEP

      98304:ouzeozbcNTNmwFRcXZhITW5ucNF61j7+W4cacDXu5ZYNuPjqc897tgtzlwwirkx:otozbozFq0S5Xw1/BscpCj94Gzlwxg

    Score
    10/10
    modiloaderevasionpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks