Overview

overview

10

Static

static

1

aa1c6e3474...c8.exe

windows7-x64

10

aa1c6e3474...c8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa1c6e34742f379c80f6006d95c655dcee23251e69c1ec9679688a33a233b1c8

  • Size

    1.2MB

  • Sample

    230210-aqs3bsfd4y

  • MD5

    1d236b4d0cf5e74cef185966f7d3ae0d

  • SHA1

    a3f18523aa27bc6b465c65c1bd8e8bfad56a3130

  • SHA256

    aa1c6e34742f379c80f6006d95c655dcee23251e69c1ec9679688a33a233b1c8

  • SHA512

    0e5eeee708cfdf19d13a391f433f0cd14621f52d5302bdb1cbe6cfff44ee095a5f1683888cc4ac6bf68997065d9e64200a4232f88d079c4323ab700bfadb0b3d

  • SSDEEP

    12288:0ADxup3epUPjRoRpbuwmS+nh6y0+vuu1+OJ+I+/y9iyMD78phts2VNC9uL7zP+CZ:Z1yVoRpbuwWnLBvuur0N0iya78phmo

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      aa1c6e34742f379c80f6006d95c655dcee23251e69c1ec9679688a33a233b1c8

    • Size

      1.2MB

    • MD5

      1d236b4d0cf5e74cef185966f7d3ae0d

    • SHA1

      a3f18523aa27bc6b465c65c1bd8e8bfad56a3130

    • SHA256

      aa1c6e34742f379c80f6006d95c655dcee23251e69c1ec9679688a33a233b1c8

    • SHA512

      0e5eeee708cfdf19d13a391f433f0cd14621f52d5302bdb1cbe6cfff44ee095a5f1683888cc4ac6bf68997065d9e64200a4232f88d079c4323ab700bfadb0b3d

    • SSDEEP

      12288:0ADxup3epUPjRoRpbuwmS+nh6y0+vuu1+OJ+I+/y9iyMD78phts2VNC9uL7zP+CZ:Z1yVoRpbuwWnLBvuur0N0iya78phmo

    Score
    10/10
    modiloaderpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks