Overview

overview

10

Static

static

1

cliente 12...DF.cmd

windows7-x64

10

cliente 12...DF.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05092024_1436_05092024_cliente 127271655._PDF.rar

  • Size

    1.3MB

  • Sample

    240905-rymzqasfrk

  • MD5

    a5a9f9c5eacfc772a60021f012e60156

  • SHA1

    4559fa904765232a7016437f99e8a2e49a609e82

  • SHA256

    96f3a3705af82d14856fa05c467618e86c249bea8d0576e982a141e1377d50b9

  • SHA512

    3f1431785295d27a4fad3c7bac66be60770f962bcf773e07969d64beb052d79ad106864351548737f3725a97a647570e9f378cafd28756dc7d4a3366d583eafa

  • SSDEEP

    24576:5iS2MMIqk1Yd2GMnkG1jPY9cRc2EBJGaxTHDKzZBX3BgrEcO+Zrq4tES:5i0WhEhH17xgB9TjKzZJuq+

Score
10/10
modiloadercollectioncredential_accessdiscoverystealertrojan

Malware Config

Targets

    • Target

      cliente 127271655._PDF.cmd

    • Size

      5.6MB

    • MD5

      270d320fe9e53219f111468d9cb0f92f

    • SHA1

      c02e58981e9932189bcbec20344270d3676bf359

    • SHA256

      26de9f9d639c231fcb2ffd7d3462eb413a73f80530bce4c85688fe01dc14e5a2

    • SHA512

      22c8452d5a049411c60407aca185a1a16d9782843b996175a11e0b6ba8906785815de03bbe9a86cc276824fce8bea563ca091a64108653d5acb910a5b5976f78

    • SSDEEP

      49152:0rD9Wg1J/2S0Z2OMLd85zX6itUpxYGOH2Gm8:1

    Score
    10/10
    modiloaderdiscoverytrojancollectioncredential_accessstealer

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks