Overview

overview

10

Static

static

7

9553134727...6d.exe

windows7-x64

10

9553134727...6d.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9553134727fa4a71eed1b6f397d5c1ba0caeecc6e0b727324e57d51adecb836d

  • Size

    1.3MB

  • Sample

    221201-r32zfahb94

  • MD5

    86b26f88dd49c24f509db5fcea871cfb

  • SHA1

    5e491a66461c2735c64c1c76c3e3a802ecdfd94d

  • SHA256

    9553134727fa4a71eed1b6f397d5c1ba0caeecc6e0b727324e57d51adecb836d

  • SHA512

    098dfcd7627103d0b32819901c211122cea2f515f97c1ac8d4b9818af56da89986529f50f361574f96c0693f2c5848525c574ba7357f2eddcd8f4ee0e8656639

  • SSDEEP

    24576:16dn930Z+o74N7sblqxcRQdvwiwVnbtpLrghuVYRyXCVYTVyiK7T+R7Voy8YsZoR:1yeZr4NKqeRQFw5IYMVVYZyiT7VoyHph

Score
10/10
modiloaderevasionpersistencethemidatrojanupx

Malware Config

Targets

    • Target

      9553134727fa4a71eed1b6f397d5c1ba0caeecc6e0b727324e57d51adecb836d

    • Size

      1.3MB

    • MD5

      86b26f88dd49c24f509db5fcea871cfb

    • SHA1

      5e491a66461c2735c64c1c76c3e3a802ecdfd94d

    • SHA256

      9553134727fa4a71eed1b6f397d5c1ba0caeecc6e0b727324e57d51adecb836d

    • SHA512

      098dfcd7627103d0b32819901c211122cea2f515f97c1ac8d4b9818af56da89986529f50f361574f96c0693f2c5848525c574ba7357f2eddcd8f4ee0e8656639

    • SSDEEP

      24576:16dn930Z+o74N7sblqxcRQdvwiwVnbtpLrghuVYRyXCVYTVyiK7T+R7Voy8YsZoR:1yeZr4NKqeRQFw5IYMVVYZyiT7VoyHph

    Score
    10/10
    modiloaderevasionpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks