General
- Target: cd10c8d760988e3e110307788f0974e0N.exe
- Size: 624KB
- Sample: 240803-wre3ravhjf
- MD5: cd10c8d760988e3e110307788f0974e0
- SHA1: 5b154258460704474a8f1cf82b1c5c1403c11cb4
- SHA256: 035e40a53750865cd0dcb3d431ca48efe532082a4a80ed658e87a0343788fb61
- SHA512: ebef5f6e0b18a9aec44973169ebf25fe66089e573c6f9af8be59af85c86fce5c6b8aa27795a821a209bb77275b98f71cbbb92e9fb93d0f58504c4ab02fb1cb6b
- SSDEEP: 12288:PzQOcFegUZYsJiJvjFoO7wiLOyEXfd8Vw8FIeVWhg:0OGvjFoOUHXl8u8Fj
Static task: static1
Behavioral task: behavioral1
- Sample: cd10c8d760988e3e110307788f0974e0N.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: cd10c8d760988e3e110307788f0974e0N.exe
- Resource: win10v2004-20240802-en
Malware Config
- Extracted: latentbot, extremehacker.zapto.org
Targets
- Target: cd10c8d760988e3e110307788f0974e0N.exe
- Size: 624KB
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (1)
    - Disable or Modify Tools (1)
  - Modify Registry (3)