Overview

overview

10

Static

static

1

Ckwciguxiccaab.exe

windows7-x64

10

Ckwciguxiccaab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ckwciguxiccaab.exe

  • Size

    1.1MB

  • Sample

    230215-ly26rabc69

  • MD5

    5a761f3ec666be86da178841dcb594c0

  • SHA1

    598ab507c5db082f0ad2a1cd022a45a33871dfd8

  • SHA256

    66083e6c7ccec296fd3a5fd1d2670f322c3b271902c213395d48117c6191608e

  • SHA512

    6954baf83e14060c11411a25f94bcb9f4351f5322f7a4f88495237e808dcae593bcb15b9c91ca6fd56267b52d432f0152ce9014e2d4707798e4aaa221e42dd42

  • SSDEEP

    12288:oX8lOqFSsZ40z3QjB2lr5fPx7Zh70WoQzV9hBoSFhAf1nAhglR:Q8ltFSQ3AB2zp7pcf1nAhglR

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      Ckwciguxiccaab.exe

    • Size

      1.1MB

    • MD5

      5a761f3ec666be86da178841dcb594c0

    • SHA1

      598ab507c5db082f0ad2a1cd022a45a33871dfd8

    • SHA256

      66083e6c7ccec296fd3a5fd1d2670f322c3b271902c213395d48117c6191608e

    • SHA512

      6954baf83e14060c11411a25f94bcb9f4351f5322f7a4f88495237e808dcae593bcb15b9c91ca6fd56267b52d432f0152ce9014e2d4707798e4aaa221e42dd42

    • SSDEEP

      12288:oX8lOqFSsZ40z3QjB2lr5fPx7Zh70WoQzV9hBoSFhAf1nAhglR:Q8ltFSQ3AB2zp7pcf1nAhglR

    Score
    10/10
    modiloadertrojanpersistence

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks