General

  • Target

    17a9e5f1df1d5cb9f369bca0e3575b1fd12ec6827e7512806a141ef175e794b5

  • Size

    335KB

  • Sample

    221128-c4wrgshc64

  • MD5

    b27a01e5c89ef7a63466d3383e11336d

  • SHA1

    1e3c59f823468bd86520f9de3693707c5d658e0e

  • SHA256

    17a9e5f1df1d5cb9f369bca0e3575b1fd12ec6827e7512806a141ef175e794b5

  • SHA512

    6ddf9683cb093bbcb7b01f621e7855aef25351921535b1db9782a1ad259f1ceddb9df357f3aea58c706757aa677dd6f7bd47a2f4b31262767078c1a3f0ef8bcc

  • SSDEEP

    6144:6h7waTXA1U9VVkl4xlbj4k6ugEKFl8J9JbMltQdiml/nDV8FLMF7Bl1LnUM6c:wnTACDklcj4jugFFCqtQ4myFL87Bl9UA

Score
10/10

Targets

    • Target

      2006֮2009ͨɱȾ/77169.org˵.htm

    • Size

      4KB

    • MD5

      e3917c7f4410faf63e3bdcfff5c33e81

    • SHA1

      6848c2917ccc5e24578105ab31dcb23e451bcb10

    • SHA256

      a05f31f26ce57b9e2d9bb6b242731186374c2a0b11d1723af7e107f2dac51ba8

    • SHA512

      8b4fc3b9faa01722e49064f1f027f91860d0c7e6c8bffdcfe4465d6860857f0513784301902a10704684b8b706e9deddf0d39ad53db3f17ae09fee63eae7109f

    • SSDEEP

      96:m1OQF/fRA2RWhwM6wIm4yRgJ/Snq6kVUVTWn0M9tJexGTHwG6ak:mXF/JA0Vde4JJ4jW0MH4xG0G6

    Score
    1/10
    • Target

      2006֮2009ͨɱȾ/Project2.exe

    • Size

      336KB

    • MD5

      057e95403d5a39c08d1070b8faa8effd

    • SHA1

      6273d4654f6c21be062c7a180e067d4c1f221783

    • SHA256

      220b823d727551efd859751572cba34411ade93b56f1664dc7b609710d420c44

    • SHA512

      624caed69feae33cd654f42cd92c47898401a18f9da2aee25efc8118e50b1af2b7b3d5fa9d95d05139492217b2ffd9c9fa627577460f81a0f05eb212073baf65

    • SSDEEP

      6144:OG4sB1u9VZkl4xFbj4k6ugEEFl8J9JbM5tQdiml/nDR8FLMFcBlr:OGHBorklyj4jugZFoQtQ4mWFL8cBlr

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Target

      2006֮2009ͨɱȾ/qqmail.asp

    • Size

      1KB

    • MD5

      fb01f248e1fac8a73fe62e0a2813158f

    • SHA1

      c8038ec0bf9084dd5dabfba11ae7abebe15b6d8f

    • SHA256

      3db1cc059258bd33701953e9857f2aab7cdf37d9ce46f73341a8fe36dbc165a5

    • SHA512

      f5441898b0e64c5651800b73dd16ed8c756d2f072dabb8e65738fbd3f6002e599c371fd5055338ea8bce5bccb3e75f1af4548dba3417824e467aa888412ed90f

    Score
    1/10
    • Target

      2006֮2009ͨɱȾ/ĺڿͬ˽ѧѵ.url

    • Size

      79B

    • MD5

      e1e44df188850a8f9851151a2ec1ac6e

    • SHA1

      fdc2e4964f70d5040ceb2087aee0333d67d44a32

    • SHA256

      0997f40ddb2bd5ddf48d1cbe1d35c8c41c5014028bce58016c18ff18db88fbaa

    • SHA512

      06991178387556785d58da9e3c4bad2267025ee0825616192f9deea67fd81dc4deb4e73bf6076afc636e48782ef31d98bfa5fd92b46832b175e9ef05dcd8e261

    Score
    7/10
    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Target

      2006֮2009ͨɱȾ/ĺڿͬ.url

    • Size

      76B

    • MD5

      05ed0537b8052c33a9096c68b4d1d905

    • SHA1

      19fccec1f302e67908f386ac239d31e2edd7b820

    • SHA256

      0aeee0ba3eac8e4787109250c895aa0cfbce84416acdec154c33129cb65a56e9

    • SHA512

      d633e68263362b027c53df7a3d463ab6db8361702f718670f1717cea6785f4d7a3abcae77d8bb27b40221ef47c54b4ddead00c690468b9339235848948071127

    Score
    1/10
    • Target

      2006֮2009ͨɱȾ/¿ƼIDC˾.url

    • Size

      76B

    • MD5

      7fbe8d148978b3777755d499eed0d0d2

    • SHA1

      cb7f573a82308eddd947bcde8602be3dd6a78b23

    • SHA256

      1807019038165fc861479c1bdc1e79781b7f279640ff8dbdae61bf8aac007be0

    • SHA512

      9613562f56b665b9c05a9f4ca76b6ef0eb34dede0c577bc0031beaddab477fcd750de477ff687bd1f92f1c605cf79f1de3a585270842c7f8220ba97ed824a906

    Score
    1/10
    • Target

      2006֮2009ͨɱȾ/¿Ƽȫά.url

    • Size

      79B

    • MD5

      b51d8beb384d1b767f1a5345cb7a5d4e

    • SHA1

      0e5bfcdfd6fd061333298698487894bf4f4344a0

    • SHA256

      2b54fdb2c50f052798e2bf33436c92447d5495da1fa18838bc5a0312e30dcf56

    • SHA512

      c8bd9bf6033c61a4683754d4152a7981053b095cb4c73c43e3437726cc2b9412a79751841f56ecd0f5bc81bf44cc8c80bf8e0e8507ced118d8dfcf4db814b33b

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112
