Overview

overview

10

Static

static

7

0c2a0ffc61...51.exe

windows7-x64

10

0c2a0ffc61...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c2a0ffc6158f59168503d1e4d6d3b51

  • Size

    572KB

  • Sample

    231230-dbrshahhd2

  • MD5

    0c2a0ffc6158f59168503d1e4d6d3b51

  • SHA1

    539363e3fd3fa7fa6d59286dae7d5def539ef621

  • SHA256

    7df20381932310897435f935f0c2544cba690294c5b0685d1e90f31b1c34be13

  • SHA512

    c00b9b70d2655936c2ef602dec68cc82b115ff0276079323c3c2991e28e3da9e655671b8728f71f48484ede08d6b2fcde55ea927193e3db2b8ec3fec9e39cc64

  • SSDEEP

    12288:EHLUMuiv9RgfSjAzRtybYkP6PG3OiEinju15JuL:etARYYkP6PG3OiEinCfc

Score
10/10
modiloaderevasionpersistencetrojanupx

Malware Config

Targets

    • Target

      0c2a0ffc6158f59168503d1e4d6d3b51

    • Size

      572KB

    • MD5

      0c2a0ffc6158f59168503d1e4d6d3b51

    • SHA1

      539363e3fd3fa7fa6d59286dae7d5def539ef621

    • SHA256

      7df20381932310897435f935f0c2544cba690294c5b0685d1e90f31b1c34be13

    • SHA512

      c00b9b70d2655936c2ef602dec68cc82b115ff0276079323c3c2991e28e3da9e655671b8728f71f48484ede08d6b2fcde55ea927193e3db2b8ec3fec9e39cc64

    • SSDEEP

      12288:EHLUMuiv9RgfSjAzRtybYkP6PG3OiEinju15JuL:etARYYkP6PG3OiEinCfc

    Score
    10/10
    modiloaderevasionpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks