modiloader | 92e1564bda93d78c41c2c2898bfb3995fd9c2bd58753664231f71475baf69bd3 | Triage

Resubmissions

02/09/2024, 16:05

240902-tjhgssvcqb 10

02/09/2024, 16:01

240902-tgfkesvcne 10

Sharing

General

Target

Kalkulator.rar
Size

1.7MB
Sample

240902-tgfkesvcne
MD5

897b1a4c622e9fdf236e2d295113f963
SHA1

e2006b76e2bd4d6ef58e719f546c8372e6f4efa1
SHA256

92e1564bda93d78c41c2c2898bfb3995fd9c2bd58753664231f71475baf69bd3
SHA512

ccc8faf4efe65db9ebf0707c0d0f63e5f2a7217beed1e1abc83d28fdab6f212da7e9c77c1a8fb0deb8344c261396867a09abf9ce9a15f4f42a6c117cdb1b3ba3
SSDEEP

49152:s/LDwVirFVmPhQWD4aju1RPAQ6bv+hWrOM/tgtcv:U5rFQhQWMaaRPALLJdytQ

Score

10^/10

modiloader discovery evasion trojan

Malware Config

Targets

- Target
  
  Kalkulator/B-517/Loading.html
- Size
  
  776B
- MD5
  
  3f86a7fd1be42f7dbf34c4ff25533cc5
- SHA1
  
  9b9477d475bad3b7dbbcb455fa0ba096bd9179ed
- SHA256
  
  bcb19bc09ed1f5567ee5c07d8421d3463536c10e3e796d73b6aeac81d5e760cd
- SHA512
  
  0b354cef65df83224995f39f24b2663534eec86ff67c0ac0a66e77db84f1d3e33d44d80f5a5f9d3f611bd726b3bf7fda5cd5818c100cbc2fd531e34c4e4327ac
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Kalkulator/B-517/obciążenia ładowni.doc
- Size
  
  27KB
- MD5
  
  0a4f46f45d61c857f5be7bc29980dec6
- SHA1
  
  0ddc262c25637c8847f38d3c554f1055bb14e2ed
- SHA256
  
  b8a2f4caa0a82b11b8dfa190ec7b20d7ed5686ceaa2ae8a43ed0b2850b80965a
- SHA512
  
  1562465758853d3b48330ff84bb7056c1fb91d00a0f0d3724fa7c6d779c32ec8e2d4d87a3096332f5039e1706b53910e1e9c683f6dd81c36f39a591cf14f6e4a
- SSDEEP
  
  96:Uy8ZVDGD1kks5tkP5Okb5Akmw5/kR5bkF5kkUkxL/3G3T3T3T3T3T3T3FNWgYEP6:uZVDo+MDhgwKDq+Z0dV
Score

4^/10

discovery
behavioral3 behavioral4
- Target
  
  Kalkulator/B-517/plan.html
- Size
  
  37B
- MD5
  
  d567db97e06e09fc4e3e05aead69a380
- SHA1
  
  965453a888ad8f84c33b54060283ad8976b698e3
- SHA256
  
  feb79d914df67c416f25cfc83d75267b15ce6c2317ed86f6fcd9467f73ce9fe9
- SHA512
  
  d2b34cb1a21fd1caea8e21aa42ea7e6b071a3376ea8a0872ff5225ea024a5959078bd7ed88aeaef9c40cb4c2a8778fa1a488db4c78800ae3529471b578b1f72c
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Kalkulator/B-517/pr1.html
- Size
  
  97B
- MD5
  
  946dbfb7da138cde07c227a650dfcbf5
- SHA1
  
  93d662dca61af230c67ac3acc86e871a7287d50b
- SHA256
  
  aa1c855cf0d8335c482d520b81d7eb9b0307fab316d896b4fcdfa74a4012d892
- SHA512
  
  cb5c0085f1cc3b8a7a2f029e4b84c176ea519a3b3322a0265fb75c0f4af89efdcdfa057e9ee80e3030900665782024f3535b53c061d3bf896a419d443cfb1444
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Kalkulator/B-517/pr2.html
- Size
  
  97B
- MD5
  
  e01708576230dd7d3a86dbf5aaf09b68
- SHA1
  
  c02ac3940c6705fa086d09b56967c144ba290a5e
- SHA256
  
  5bd80d73adcd9d7b77c17c799705a1b8189d6870117d8e7ba915a5f000144508
- SHA512
  
  354ac3fa87a90f710334e783a0bc9b76e37458a1513d516c75fdd7b15e9df383bfedb8a1abd2c81f8d1a8c363d03b1b4129e86c94b07233025c66b814eb61e6c
Score

4^/10

discovery
behavioral10 behavioral9
- Target
  
  Kalkulator/Kalkulator.exe
- Size
  
  1.7MB
- MD5
  
  4f6efe3f4b09238d5b3de2115cb968c1
- SHA1
  
  c15a673c74d5175fbd251b8bb823c45618ef0dee
- SHA256
  
  e170860480858a64673e59bb3b15bd58c10701ea2ef7a959c9d2ccff6662ba5d
- SHA512
  
  39a9693ff5587b795b0f161287a9bb63adfde16f33a9ae427cb34a1edfd186c3aa6f94e050227b5aa6d605af6f8326037cb040f563f584b558b3af5d2c09b45e
- SSDEEP
  
  24576:gqpiRLIdnv9GwMLJCLc6DRhL7YSMv8H5x+KWYxJRSJfUBVKGXKGaL1:gki8nv9GwMtCV5d1VKGXKV1
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
behavioral11 behavioral12
- Target
  
  Kalkulator/Kalkulator.url
- Size
  
  59B
- MD5
  
  7083e59aed51160103cb0841b9d5b45b
- SHA1
  
  1c5d6903574fa2120f3e67a58c1ff23e9279cf5f
- SHA256
  
  72ee6ca795f9df48342a3c14b6146708860a41de5818be0ecf1a65e18091c158
- SHA512
  
  79538e01f5f3e98cb73d8c26e15e84639d89977cf6dbc3e4454fdde608ae06a26ef1c803b2512f690b9e79f29fd8740d6f8951155a01d9bc1688b50dc54fee76
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral13 behavioral14
- Target
  
  Kalkulator/Sekwencja.exe
- Size
  
  730KB
- MD5
  
  3305bab423a52c14c0be6dfcace52cc2
- SHA1
  
  224c13808c15740c31a5874dfce8680891a1257a
- SHA256
  
  7898ff024d4d125c13d3e9e220a52fcac0e531644c418ea99f4e694a3c0c2349
- SHA512
  
  2a5a2feddccb4b36cf99e464a0b12fa25d5114c34fe62cf1d379fd804c449785dad9889da52e7dc18d99bda24d95f4625ebefc57aa598d5c5c4aff9bb4c4c641
- SSDEEP
  
  12288:6JVaLs6VzlPbZWUjRErd3e/l7vlvXSDiOp:UV0bVzvRErte97vJSJ
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
behavioral15 behavioral16
- Target
  
  Kalkulator/unins000.exe
- Size
  
  627KB
- MD5
  
  93ca48d15c99dfcdebdc09b0238275e2
- SHA1
  
  42e435fbf113fc1a4bb4667a682ea070a69f0928
- SHA256
  
  882f15b083c10518e5fc89ca5c1b88fda47cd3cd403c3a637a2c2f02d1850eb6
- SHA512
  
  2a78561e13dd0f0ac7a650b7803c2fc39bc4043b9be9e2ef6ed477b674fae8448430f033d0c9061ad0241ecaf55a5a972cfe17e6461c0182cd61963bc620fe4d
- SSDEEP
  
  12288:6tOokrvhfrPY37nzHNA6iA1D2ftCy7ONbzw32AreMAZZ9xpm:Bo0vhfrPY37nzHNA6iA+74seMAZvxpm
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

modiloaderdiscoverytrojan

behavioral12

modiloaderdiscoverytrojan

behavioral13

discoveryevasiontrojan

behavioral14

behavioral15

modiloaderdiscoverytrojan

behavioral16

modiloaderdiscoverytrojan

behavioral17

behavioral18