Overview

overview

10

Static

static

d0c17c3c24...9a.exe

windows7-x64

10

d0c17c3c24...9a.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0c17c3c241e09ec0743375107261b0c6d485f083cdd57241e6041ba15fced9a

  • Size

    286KB

  • Sample

    221203-2dxnjaeh8z

  • MD5

    07efbae6984c16f7f273d61c6fba3fcf

  • SHA1

    090ba23abf7c8986b281383129a7e1e8bd2bb4f4

  • SHA256

    d0c17c3c241e09ec0743375107261b0c6d485f083cdd57241e6041ba15fced9a

  • SHA512

    bd066852cb8e8f7ec666885b7838c0c9828dea2fd5890b45cefcb90ebb5576d84c3d6fab4b6f160ee67bf9023cdfb23a55e3f645af4467face2385b233b8601c

  • SSDEEP

    6144:psCgExLvSE2OsEHgVh+TM6t0nT+1Od1EinVpiVnxkR0nHOOVJfk31U6+Yn12OFb:paWLK2Wh+tKT+1O9VMVHOOVJf8+012OB

Score
10/10
modiloadertrojan

Malware Config

Targets

    • Target

      d0c17c3c241e09ec0743375107261b0c6d485f083cdd57241e6041ba15fced9a

    • Size

      286KB

    • MD5

      07efbae6984c16f7f273d61c6fba3fcf

    • SHA1

      090ba23abf7c8986b281383129a7e1e8bd2bb4f4

    • SHA256

      d0c17c3c241e09ec0743375107261b0c6d485f083cdd57241e6041ba15fced9a

    • SHA512

      bd066852cb8e8f7ec666885b7838c0c9828dea2fd5890b45cefcb90ebb5576d84c3d6fab4b6f160ee67bf9023cdfb23a55e3f645af4467face2385b233b8601c

    • SSDEEP

      6144:psCgExLvSE2OsEHgVh+TM6t0nT+1Od1EinVpiVnxkR0nHOOVJfk31U6+Yn12OFb:paWLK2Wh+tKT+1O9VMVHOOVJf8+012OB

    Score
    10/10
    modiloadertrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks