Overview

overview

10

Static

static

10

bd3e0f2e12...9e.exe

windows7-x64

10

bd3e0f2e12...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd3e0f2e12974c5e662fbe148ee81ad45211589cb5a364590681cf4832598f9e

  • Size

    326KB

  • Sample

    240604-cq7ltsaa51

  • MD5

    1b7f3191fcf1188240852a5af5df52df

  • SHA1

    402b3285afd77ec9499f349ec7365d7a1be9ef94

  • SHA256

    bd3e0f2e12974c5e662fbe148ee81ad45211589cb5a364590681cf4832598f9e

  • SHA512

    55ae4552585085f32a7a2439571129864f168254209736780a156930ccdfa2c037daa20130066d35ab0f95d13d5809c2c84e107cb850a6dca48bad43218c60aa

  • SSDEEP

    3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8

Score
10/10
modiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      bd3e0f2e12974c5e662fbe148ee81ad45211589cb5a364590681cf4832598f9e

    • Size

      326KB

    • MD5

      1b7f3191fcf1188240852a5af5df52df

    • SHA1

      402b3285afd77ec9499f349ec7365d7a1be9ef94

    • SHA256

      bd3e0f2e12974c5e662fbe148ee81ad45211589cb5a364590681cf4832598f9e

    • SHA512

      55ae4552585085f32a7a2439571129864f168254209736780a156930ccdfa2c037daa20130066d35ab0f95d13d5809c2c84e107cb850a6dca48bad43218c60aa

    • SSDEEP

      3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8

    Score
    10/10
    modiloaderpersistencetrojanupx

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Detects Windows executables referencing non-Windows User-Agents

    • ModiLoader Second Stage

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks