Overview

overview

10

Static

static

3

Mzleihaxsqmjvc.exe

windows7-x64

10

Mzleihaxsqmjvc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NUEVO ORDEN 1.zip

  • Size

    363KB

  • Sample

    230516-vypebsbg66

  • MD5

    efcc26a6d153ac602c53793818aafbfa

  • SHA1

    bdd937e6ed1c13a230ac645efeaf92905b0ca880

  • SHA256

    c764db08719f686021be955a1342d43816ec436011de939d9e7075c8013b2833

  • SHA512

    5d08a2dea7252a39435d919a9af4ab434ddc2e0ee6f91e48ffa824507790276f528c4d0d1506a025050e49e2356adecb7aacfb28e70906e7dccca298f828e562

  • SSDEEP

    6144:S+2xnJ2w/Zyo8swinui+XMSivAt/7YZDhnZTy9ZYWcdepcZyJZvcI:S+up/Is/uiUiq/kle7YWQepMI

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      Mzleihaxsqmjvc.exe

    • Size

      841KB

    • MD5

      3c8baf53109b5c4d3e83d6ac1452c67f

    • SHA1

      5d536b72e869b0fcb786407bef727d619289e0c2

    • SHA256

      42cb2fa8a0afe1f49ea8fa6705da525d51f4562292706bda3e62924572d84643

    • SHA512

      6048c6b00c82082d30f1e8cd26e4cf480c3e71373e1a294a543d61057c28fa1dbc3b6346e078e2ba320c15d7b3d86b3eb1cc3d6a2acb697b1bceca6fb58f7af6

    • SSDEEP

      12288:IEaSIJxsS4ISFSs417nXbaGBazVb8N0K1WqR:/F0mcSFS77LaG6VIEk

    Score
    10/10
    modiloadertrojanpersistence

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks