Overview

overview

10

Static

static

10

2032-55-0x...ry.dmp

windows10-2004-x64

10

Resubmissions

27-05-2023 07:14

230527-h2sjyabd8w 10

27-05-2023 07:11

230527-hz7ababd7w 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2032-55-0x0000000000A50000-0x0000000000A90000-memory.dmp

  • Size

    256KB

  • Sample

    230527-h2sjyabd8w

  • MD5

    6f939f6bf38119b88c46c565b33a7e5b

  • SHA1

    0e5dc9cb1835bf23cd134aeaaa6f6e4ae1eb2f15

  • SHA256

    b2cd47bd16991db123ea7a13531290ad8e1f2ca7630942ebd2d90731d1983936

  • SHA512

    31c881764e218fa56fc0885e80808a0b4f7a25c550ffccb762934b435bb87b6416dda4bd9caa6b5a10182247f97c0b5b234b9c8a00f38a9f216c07b114d06089

  • SSDEEP

    3072:F8e8hUOZZV+m5c/QmRSNhGOy54SdVThDZ48e8hU654H:FOrj2VnHThDS6+

Score
10/10
modiloaderredlineaspackv2persistencetrojan

Malware Config

Targets

    • Target

      2032-55-0x0000000000A50000-0x0000000000A90000-memory.dmp

    • Size

      256KB

    • MD5

      6f939f6bf38119b88c46c565b33a7e5b

    • SHA1

      0e5dc9cb1835bf23cd134aeaaa6f6e4ae1eb2f15

    • SHA256

      b2cd47bd16991db123ea7a13531290ad8e1f2ca7630942ebd2d90731d1983936

    • SHA512

      31c881764e218fa56fc0885e80808a0b4f7a25c550ffccb762934b435bb87b6416dda4bd9caa6b5a10182247f97c0b5b234b9c8a00f38a9f216c07b114d06089

    • SSDEEP

      3072:F8e8hUOZZV+m5c/QmRSNhGOy54SdVThDZ48e8hU654H:FOrj2VnHThDS6+

    Score
    10/10
    modiloaderaspackv2persistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Downloads MZ/PE file

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks