Overview

overview

10

Static

static

10

phpxedit_33/setup.exe

windows7-x64

7

phpxedit_33/setup.exe

windows10-2004-x64

7

phpxedit_3...it.exe

windows7-x64

10

phpxedit_3...it.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48ffbabe49f00a49b2b4f54c10bf9c4dc943e6e34d3df6517e5f7a0dccecc101

  • Size

    4.3MB

  • Sample

    240906-2f1g7s1ekq

  • MD5

    d050b95b33d1f8bac292efe5400486b7

  • SHA1

    1f87224ce06c3192544ac6bcb1c207fe1486f32a

  • SHA256

    48ffbabe49f00a49b2b4f54c10bf9c4dc943e6e34d3df6517e5f7a0dccecc101

  • SHA512

    8712250ae913d87888dd74f1c7f9359dd89263b43436862518596058ee912a23a2f382f8a62db51725eb2fee39060dd4d93306c09371771b9da339910d099526

  • SSDEEP

    98304:EJUfRiJ8NJ0L085/xZ4re8amikf9OW2kVfZVy2J:cUazJZ4rexmDf9ObAZQ2J

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      phpxedit_33/setup.exe

    • Size

      3.1MB

    • MD5

      9420af215ea84e36486acf19e682f0db

    • SHA1

      38743e7d532aefb2d3cb5a3ce9b3f73662112a9d

    • SHA256

      1f2fdbb60dc4a351c2cbb4bc9ab766e4368858aff197b22213eefbda85bc1897

    • SHA512

      d0cd6c6855b5e8914b29876818ff2af7b25a9ba562a3f6f63658d42bf6705ee1ca0e67023fc790f800f2bc23e44f7bdf2c71695b3c3071bd48358a7edc2004ff

    • SSDEEP

      98304:EVIrU1BsJOthlEWG2bG0Z4reAreoeteCnAL:O2USqJZ4reAreoeteCns

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      phpxedit_33/詟/phpxedit.exe

    • Size

      3.3MB

    • MD5

      cfe7f4da9b1a3b43a32b1237e38c6f4c

    • SHA1

      8ab14432dccbb2e6688fd21cb07de435deece249

    • SHA256

      ab28ab1811e6c6ad7d3c52913b5bae7d0aa391c7f590721bd5afb8a9c6ac48e5

    • SHA512

      add7149e1ccbe47ed9bed3419dd6092f775dcf274204c3b927b5c686e904bdc573566c2b78b0429a927646ff75049c9499b49cd47c76b22e999747e6f11b7b15

    • SSDEEP

      49152:ZlopnW579kJReXmwseswY9feHuMJ0MPju:v+nW56JRAWMP

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks