General

  • Target

    cfe49535d5614bead6b98f51a064bb90_NEAS

  • Size

    112KB

  • Sample

    240507-s8395ade6y

  • MD5

    cfe49535d5614bead6b98f51a064bb90

  • SHA1

    d8741fee49ed44ef8ea0a84bcde1ffbb6efe689a

  • SHA256

    d1d7b0e5a318fa830b20ba086db896bdd95b390329ab1781b8663c499b397e9e

  • SHA512

    05fdfe07b6f492a9564ec6c3c48c9eb14e68d86b0bd3148791c0600070ed18a8f71e864f220c2e51adbe21096ff437729b6192c40a185e7adbc2cdcb090b34a4

  • SSDEEP

    1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
