General

  • Target

    c557e73588e3c71e7f3a80be3042c44d8ea00f3cd948b2039e9ad0d7dae19427

  • Size

    1.2MB

  • Sample

    221204-lh5xpsbc61

  • MD5

    3d62a9b70a592d3bfca03675a2048efd

  • SHA1

    a2f0f9b48f861096945e4cc74d9eab6e6cf0ea23

  • SHA256

    c557e73588e3c71e7f3a80be3042c44d8ea00f3cd948b2039e9ad0d7dae19427

  • SHA512

    3fe79d426c51e2a3b4de564fd025e4d426e6cd08b6bcf00ee023f1fd417199a97bbfdec1428e8ce47045bb51c4fc7983a9ced3b1ea0d13e75b232db0fc65309d

  • SSDEEP

    24576:uQLbIVU7eHhiKzVovmy+xT+6hBxrgoY0s2Rt9:uQLbIVlHwKzes3Jhz9

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks