Overview

overview

10

Static

static

1

7e32d4a4c1...51.exe

windows7-x64

10

7e32d4a4c1...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e32d4a4c1bbc8a01a87d00cad0c6551.exe

  • Size

    884KB

  • Sample

    230215-snf9vscd56

  • MD5

    7e32d4a4c1bbc8a01a87d00cad0c6551

  • SHA1

    1bfdf5697335531398f13300a912979dd146b99a

  • SHA256

    caf42d835224609c61dcc1b6ddfcf517e47088e750ee67b16508c4fb2fdc5e6b

  • SHA512

    88a42409399b4a6a03350d51181964a6922c16b83a17f7cd11bdd414fc72ad8d6078de5d4a5c866a7397b8c069a67839c34ea4125e97e1270898a8fb3b43da7c

  • SSDEEP

    12288:Cb8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglR:C4ZzML0gN5WXFaK9GoEHf1nAhglR

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      7e32d4a4c1bbc8a01a87d00cad0c6551.exe

    • Size

      884KB

    • MD5

      7e32d4a4c1bbc8a01a87d00cad0c6551

    • SHA1

      1bfdf5697335531398f13300a912979dd146b99a

    • SHA256

      caf42d835224609c61dcc1b6ddfcf517e47088e750ee67b16508c4fb2fdc5e6b

    • SHA512

      88a42409399b4a6a03350d51181964a6922c16b83a17f7cd11bdd414fc72ad8d6078de5d4a5c866a7397b8c069a67839c34ea4125e97e1270898a8fb3b43da7c

    • SSDEEP

      12288:Cb8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglR:C4ZzML0gN5WXFaK9GoEHf1nAhglR

    Score
    10/10
    modiloaderpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks