General

  • Target

    0ff047f531432449a97fd28e8bbd79a2e2aff5fb11552560ef2398bbdbba8082.exe

  • Size

    854KB

  • Sample

    221206-nrpyysdg89

  • MD5

    365cf5f5d7fc1f822927b507fb54e57a

  • SHA1

    7d1ea87fb46709700d89a70a7fd668fb1ece7e16

  • SHA256

    0ff047f531432449a97fd28e8bbd79a2e2aff5fb11552560ef2398bbdbba8082

  • SHA512

    65eed9c257993dc3a52a29b2a7d64122b32d5494e75da9f382788e3e2e06009d7285280ddcb5b62f920286776018a2b5b4051cde3d4e5e69f2111c3869b92545

  • SSDEEP

    12288:zZ927jdTn4YRkAvIHenu/JdgQbug0lyxa66kXUqTfTB2O4rwSMpxA6Fs2Cz1dqX:zZU7VxRkwPusKqbpq7oOqLMfF8q

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: https://drive.google.com/uc?export=download&id=1DZ_JyNSO-_rsy0GYLNeY10ZhLJ-wnrou

Targets

    • Target

      0ff047f531432449a97fd28e8bbd79a2e2aff5fb11552560ef2398bbdbba8082.exe

    Score
    10/10
    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic

    Command and Control

  • Technique

    Web Service (T1102), count: 1
