Overview

overview

10

Static

static

3

ce9417db64...cs.exe

windows7-x64

10

ce9417db64...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics

  • Size

    35KB

  • Sample

    240514-vlwmwafg36

  • MD5

    ce9417db64112d36f1d37ae65e499be0

  • SHA1

    05f2e7b62266060d9dbc8c3cb324faedb4b9c6de

  • SHA256

    6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf

  • SHA512

    0e2b9f308973eaacaf5e1e5bb53bea461e39fd993df802cb736af0680057ee8a276de8f31a06d8e017a5e0c0f922dd2fefd0aa09cddc1825e29ead98938c0120

  • SSDEEP

    768:gTQ2WueGXbvqpBG2VVaa+FaaY0WOy5v7M73G/LyEllVTB:kQ2cwbKQYVx+8apYv7uoLhlVTB

Score
10/10
modiloaderpersistencetrojan

Malware Config

Targets

    • Target

      ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics

    • Size

      35KB

    • MD5

      ce9417db64112d36f1d37ae65e499be0

    • SHA1

      05f2e7b62266060d9dbc8c3cb324faedb4b9c6de

    • SHA256

      6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf

    • SHA512

      0e2b9f308973eaacaf5e1e5bb53bea461e39fd993df802cb736af0680057ee8a276de8f31a06d8e017a5e0c0f922dd2fefd0aa09cddc1825e29ead98938c0120

    • SSDEEP

      768:gTQ2WueGXbvqpBG2VVaa+FaaY0WOy5v7M73G/LyEllVTB:kQ2cwbKQYVx+8apYv7uoLhlVTB

    Score
    10/10
    modiloadertrojanpersistence

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks