Overview

overview

10

Static

static

8

53c6c05a5d...34.exe

windows7-x64

10

53c6c05a5d...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53c6c05a5d185cd25aa6894ab87300189e21e0fa532be53692bd24ca7b50df34

  • Size

    526KB

  • Sample

    221127-m7tfmsfg9t

  • MD5

    9d1157fa2a826f716674538b43346dfa

  • SHA1

    3727eceaf03ceca1394d178243418a9eb0bc74af

  • SHA256

    53c6c05a5d185cd25aa6894ab87300189e21e0fa532be53692bd24ca7b50df34

  • SHA512

    2db877b850c49649bf3752c93c050ef9c26d8a2a55bf6f73209352dc7fefc18c727ac5fe7000b3f7de4a0894706db3ed6f2a59bbc56b2252e3dedfde443f4d5a

  • SSDEEP

    12288:96Wq4aaE6KwyF5L0Y2D1PqLh+GTOgcbcPBR0t:rthEVaPqLILYJRU

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      53c6c05a5d185cd25aa6894ab87300189e21e0fa532be53692bd24ca7b50df34

    • Size

      526KB

    • MD5

      9d1157fa2a826f716674538b43346dfa

    • SHA1

      3727eceaf03ceca1394d178243418a9eb0bc74af

    • SHA256

      53c6c05a5d185cd25aa6894ab87300189e21e0fa532be53692bd24ca7b50df34

    • SHA512

      2db877b850c49649bf3752c93c050ef9c26d8a2a55bf6f73209352dc7fefc18c727ac5fe7000b3f7de4a0894706db3ed6f2a59bbc56b2252e3dedfde443f4d5a

    • SSDEEP

      12288:96Wq4aaE6KwyF5L0Y2D1PqLh+GTOgcbcPBR0t:rthEVaPqLILYJRU

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks