Overview

overview

10

Static

static

3

431d84d210...ca.exe

windows7-x64

10

431d84d210...ca.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    431d84d2101d4bfa1390a8b8640a64ca

  • Size

    187KB

  • Sample

    240105-jctw5sgeb9

  • MD5

    431d84d2101d4bfa1390a8b8640a64ca

  • SHA1

    7078269f9d53409be8bf831fe7700a030bbdf77b

  • SHA256

    90729d5fcf5401f00ba230c05ad61446a29ebacb219e1dca6dc0a89f58100d15

  • SHA512

    51e8e387dec66225b51baecb0359e44b390bacec25bc01270d5f3d2d9335fb7ffbd0526d5f5188a82735ed4a57136f29d7a5416b4cc07285fa4af34480ea2de6

  • SSDEEP

    3072:aUzJd/bxakbwThIk8Xryl3rP+eZrCow02rb2sgflgXtTpsC4lLAtNDDA1:7z/bxaSwTuBrypWIeowjbcfmtpsC4lsa

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      431d84d2101d4bfa1390a8b8640a64ca

    • Size

      187KB

    • MD5

      431d84d2101d4bfa1390a8b8640a64ca

    • SHA1

      7078269f9d53409be8bf831fe7700a030bbdf77b

    • SHA256

      90729d5fcf5401f00ba230c05ad61446a29ebacb219e1dca6dc0a89f58100d15

    • SHA512

      51e8e387dec66225b51baecb0359e44b390bacec25bc01270d5f3d2d9335fb7ffbd0526d5f5188a82735ed4a57136f29d7a5416b4cc07285fa4af34480ea2de6

    • SSDEEP

      3072:aUzJd/bxakbwThIk8Xryl3rP+eZrCow02rb2sgflgXtTpsC4lLAtNDDA1:7z/bxaSwTuBrypWIeowjbcfmtpsC4lsa

    Score
    10/10
    modiloaderpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modifies WinLogon for persistence

      persistence

    • ModiLoader Second Stage

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks