Overview

overview

10

Static

static

3

Factura.exe

windows7-x64

10

Factura.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Factura8.tar.lz

  • Size

    588KB

  • Sample

    240906-1fvfhsygkp

  • MD5

    53baf5c9a0c8b13cb0bbdca4cd7cc025

  • SHA1

    3bd3e1996c64620f83a64c826708c33beedcc14f

  • SHA256

    207470c31aebb98487d019c4ca219f77be687bca6c704321066f6b6f31c58d25

  • SHA512

    d712c8d8536555fe420b3a1851c73c8ece0c9dcbf9c583b8a003c76a05392828a8dc9b41bc35443bbdec9a7346df5d5d495c8a839a9c6d4941cdcf051c584068

  • SSDEEP

    12288:Ur52lfmBF12lYaKdlfquhYKJReshs1UsG+16h3O9Mu74Cn8pTm/uxwUbfDp3/:NNGFLL3fqMR1hs1Usu3XsZ8pT7NbfF3/

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      Factura.exe

    • Size

      1.4MB

    • MD5

      b7ae27c0f9ebaa19934b75ed05cea094

    • SHA1

      4f8be01c46092555a8fe4871e40733b6f29c4c70

    • SHA256

      c84953278a17d52f97efb2a10403d81e4f16e98dab2b4025d7049445e566e893

    • SHA512

      e7585276448216bdd78f136f942d7027b394fdcaf26e655d7672d09254785cb6e457363b475607c810ad956b18af7a7539896e1e4179d11974097f3ebee889de

    • SSDEEP

      24576:X/yPbQ/8GreJLDAvcFz7Q0U3VgAA2gUf3THW09jY86VxOsF:XYuUR7wg0gUf3Dtw

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks