Overview

overview

10

Static

static

cbf21bc849...88.exe

windows7-x64

10

cbf21bc849...88.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cbf21bc8497979d068c345e107f729638698765719302283cb09e6854656ab88

  • Size

    152KB

  • Sample

    221126-hk7brsab83

  • MD5

    e4209d18f3effb3e2dd50c1d12133330

  • SHA1

    6f8652d3c087f5e53bc46da1079269ba3ba27ff7

  • SHA256

    cbf21bc8497979d068c345e107f729638698765719302283cb09e6854656ab88

  • SHA512

    7b999f7709bba1ed66ec62468526d58be2d0c6791268351a4da87b575732273f1f38f99c2696f0de4da1a9ea9ee115594bbe3b48201477f6c8f82ce0bf14860a

  • SSDEEP

    1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      cbf21bc8497979d068c345e107f729638698765719302283cb09e6854656ab88

    • Size

      152KB

    • MD5

      e4209d18f3effb3e2dd50c1d12133330

    • SHA1

      6f8652d3c087f5e53bc46da1079269ba3ba27ff7

    • SHA256

      cbf21bc8497979d068c345e107f729638698765719302283cb09e6854656ab88

    • SHA512

      7b999f7709bba1ed66ec62468526d58be2d0c6791268351a4da87b575732273f1f38f99c2696f0de4da1a9ea9ee115594bbe3b48201477f6c8f82ce0bf14860a

    • SSDEEP

      1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks