Overview

overview

10

Static

static

7

ab16ae238a...7b.exe

windows7-x64

10

ab16ae238a...7b.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    ab16ae238a526427830a328c54643f7b.exe

  • Size

    1.3MB

  • Sample

    240107-xsjyrscabl

  • MD5

    ab16ae238a526427830a328c54643f7b

  • SHA1

    72fc7923b30b8a05713412a898e55b554c91767d

  • SHA256

    75e1e062f0beee11b374eaf2216940a670faaa79a3547531acb0dae77ee74520

  • SHA512

    660a9c881482cdf0428c3836d62cbaa5132edc9132fbe1c31d7b7cd93208fd716d8a80a69eefa9d115e28093f4706f36858ba4fc2583908883c54d9ed492ec4b

  • SSDEEP

    24576:iqEZ7QyK2jxEo10xmHDRI9pC+f7gk4G0Y7Ls75w8lItF8a3THv8+stnQm6b:inFQvumwGpCWgk4G0Y7yi86X8aQ+stQt

Score
10/10
modiloaderevasionpersistencethemidatrojan

Malware Config

Targets

    • Target

      ab16ae238a526427830a328c54643f7b.exe

    • Size

      1.3MB

    • MD5

      ab16ae238a526427830a328c54643f7b

    • SHA1

      72fc7923b30b8a05713412a898e55b554c91767d

    • SHA256

      75e1e062f0beee11b374eaf2216940a670faaa79a3547531acb0dae77ee74520

    • SHA512

      660a9c881482cdf0428c3836d62cbaa5132edc9132fbe1c31d7b7cd93208fd716d8a80a69eefa9d115e28093f4706f36858ba4fc2583908883c54d9ed492ec4b

    • SSDEEP

      24576:iqEZ7QyK2jxEo10xmHDRI9pC+f7gk4G0Y7Ls75w8lItF8a3THv8+stnQm6b:inFQvumwGpCWgk4G0Y7yi86X8aQ+stQt

    Score
    10/10
    modiloaderevasionpersistencethemidatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UAC bypass

      evasiontrojan

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks