Overview

overview

10

Static

static

3

b08a503b2e...cs.exe

windows7-x64

10

b08a503b2e...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b08a503b2ef84eb6a8fd48d56fadd6f0_NeikiAnalytics

  • Size

    308KB

  • Sample

    240510-k1nwgaea7v

  • MD5

    b08a503b2ef84eb6a8fd48d56fadd6f0

  • SHA1

    25144a87f414ca13d30f28042328b6ee5bdc94c6

  • SHA256

    654f4302585126e759fd3c05944a56b69276d159f413ff2f17cec4bb2ad6ed42

  • SHA512

    38650f2802e44c63afea7e0e62ec435da27f267da8a60399377d3dd33930c32c883fc6eda4c7b5ac6afa222ebdd07c4f018e6831c2daf8ead34d5420d0a6e45a

  • SSDEEP

    3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      b08a503b2ef84eb6a8fd48d56fadd6f0_NeikiAnalytics

    • Size

      308KB

    • MD5

      b08a503b2ef84eb6a8fd48d56fadd6f0

    • SHA1

      25144a87f414ca13d30f28042328b6ee5bdc94c6

    • SHA256

      654f4302585126e759fd3c05944a56b69276d159f413ff2f17cec4bb2ad6ed42

    • SHA512

      38650f2802e44c63afea7e0e62ec435da27f267da8a60399377d3dd33930c32c883fc6eda4c7b5ac6afa222ebdd07c4f018e6831c2daf8ead34d5420d0a6e45a

    • SSDEEP

      3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks