Overview

overview

10

Static

static

a661c143d2...78.exe

windows7-x64

10

a661c143d2...78.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    a661c143d243ef5dfc90b7d27a965ce003110ee0ccac873287e6604962671f78

  • Size

    152KB

  • Sample

    221204-jy4y8sef6t

  • MD5

    06ff679f82d32ed69e170af2c2e5b0d2

  • SHA1

    5f1a56df96ee69217fa700a16983b73634e09c58

  • SHA256

    a661c143d243ef5dfc90b7d27a965ce003110ee0ccac873287e6604962671f78

  • SHA512

    5c4de3cda708d72c1e7c2a903d0d7915fffcecebff8cca087bdac9f5d8184fa228f7a268a1fb35859e43f341218aa1653f7ba18847cfda3807a48f944ba24317

  • SSDEEP

    1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      a661c143d243ef5dfc90b7d27a965ce003110ee0ccac873287e6604962671f78

    • Size

      152KB

    • MD5

      06ff679f82d32ed69e170af2c2e5b0d2

    • SHA1

      5f1a56df96ee69217fa700a16983b73634e09c58

    • SHA256

      a661c143d243ef5dfc90b7d27a965ce003110ee0ccac873287e6604962671f78

    • SHA512

      5c4de3cda708d72c1e7c2a903d0d7915fffcecebff8cca087bdac9f5d8184fa228f7a268a1fb35859e43f341218aa1653f7ba18847cfda3807a48f944ba24317

    • SSDEEP

      1536:c1DMz1DQvXLq6t7awFONecenlLnQHIG5R9c73P600t:9eGw9A0rC00t

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks