Overview

overview

10

Static

static

7

983887ca0f...80.exe

windows7-x64

10

983887ca0f...80.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    983887ca0ff13c4c8c23656959a783b9292149e4b5c88a2be22cae961564a280

  • Size

    942KB

  • Sample

    221130-ah77aaee8s

  • MD5

    f1a0acd80140c26ee554e3530b026769

  • SHA1

    f955a1332d53c869bd6d6dea70846ebccd0b826b

  • SHA256

    983887ca0ff13c4c8c23656959a783b9292149e4b5c88a2be22cae961564a280

  • SHA512

    8c228c37b12abdd64dc6a1907ad53776710ec942f30fe2e8adc3d3eb35e261f683d0daa95d25cd83caaec961f69c5d45995cd1beaf9fa80a8a1ca5ef44adf544

  • SSDEEP

    24576:DyXehMSvLsJvH2+B72FH438X+fQiEXaZL1TtAXY:i0RwdP1mTX+f0g1Tt

Score
10/10
modiloaderevasionthemidatrojan

Malware Config

Targets

    • Target

      983887ca0ff13c4c8c23656959a783b9292149e4b5c88a2be22cae961564a280

    • Size

      942KB

    • MD5

      f1a0acd80140c26ee554e3530b026769

    • SHA1

      f955a1332d53c869bd6d6dea70846ebccd0b826b

    • SHA256

      983887ca0ff13c4c8c23656959a783b9292149e4b5c88a2be22cae961564a280

    • SHA512

      8c228c37b12abdd64dc6a1907ad53776710ec942f30fe2e8adc3d3eb35e261f683d0daa95d25cd83caaec961f69c5d45995cd1beaf9fa80a8a1ca5ef44adf544

    • SSDEEP

      24576:DyXehMSvLsJvH2+B72FH438X+fQiEXaZL1TtAXY:i0RwdP1mTX+f0g1Tt

    Score
    10/10
    modiloaderevasionthemidatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks