General

  • Target

    18891367897.zip

  • Size

    1.3MB

  • Sample

    240906-repdfa1dka

  • MD5

    259adce61750464ecfa1f01612a10235

  • SHA1

    48b21ab1dc76061edaf78c3cc57e8700ebcbcc1b

  • SHA256

    bb2486e1a9fa1f51acb25ae6a26bdea2742670bc7402bff13fbef437565fce19

  • SHA512

    f15d217dc609e413a7c0e8d0725cb659fc44fc89e691ed48156992c4a388a9f355c68b73ed4ffd2318dabfa691ea7110b232a73d297d6e5114c0f03a27426353

  • SSDEEP

    24576:zyv3F8ifgmE/NKb2kLlfZz7hUYAoahB/2si1HhSadYq8lDX4zT:zE36ipE/Ib2k/z7hUYCB/61HUXjM

Malware Config

Targets

    • Target

      96f3a3705af82d14856fa05c467618e86c249bea8d0576e982a141e1377d50b9

    • Size

      1.3MB

    • MD5

      a5a9f9c5eacfc772a60021f012e60156

    • SHA1

      4559fa904765232a7016437f99e8a2e49a609e82

    • SHA256

      96f3a3705af82d14856fa05c467618e86c249bea8d0576e982a141e1377d50b9

    • SHA512

      3f1431785295d27a4fad3c7bac66be60770f962bcf773e07969d64beb052d79ad106864351548737f3725a97a647570e9f378cafd28756dc7d4a3366d583eafa

    • SSDEEP

      24576:5iS2MMIqk1Yd2GMnkG1jPY9cRc2EBJGaxTHDKzZBX3BgrEcO+Zrq4tES:5i0WhEhH17xgB9TjKzZJuq+

    Score
    3/10
    • Target

      cliente 127271655._PDF.cmd

    • Size

      5.6MB

    • MD5

      270d320fe9e53219f111468d9cb0f92f

    • SHA1

      c02e58981e9932189bcbec20344270d3676bf359

    • SHA256

      26de9f9d639c231fcb2ffd7d3462eb413a73f80530bce4c85688fe01dc14e5a2

    • SHA512

      22c8452d5a049411c60407aca185a1a16d9782843b996175a11e0b6ba8906785815de03bbe9a86cc276824fce8bea563ca091a64108653d5acb910a5b5976f78

    • SSDEEP

      49152:0rD9Wg1J/2S0Z2OMLd85zX6itUpxYGOH2Gm8:1

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses public cloud file-hosting services to download and run other malware families as a second stage.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store (ATT&CK T1555.003).

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
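The following Python script is an added worked example and is not part of the sandbox report. It parses the "bullet label / blank line / value" hash layout used above into one record per Target, sanity-checks each digest's length and alphabet, compares a local file's digests against a record, and flags document-lookalike names such as the `._PDF.cmd` target listed above. The report excerpt embedded in the script is an abridged copy of the blocks above; the `EXEC_EXT` and `DOC_HINTS` lists, the lure heuristic and the function names are assumptions of this example, not something the report states.

```python
"""Added example: parse the plain-text hash table of a sandbox report
(the 'bullet label / blank line / value' layout seen above), sanity-check
the digests, compare them with a local file, and flag document-lookalike
names such as '._PDF.cmd'.  Not part of the report; the lure heuristic,
extension lists and function names are the example author's assumptions."""
import hashlib
import re
from typing import Dict, List

# Constructed input: an abridged copy of two Target blocks from the report.
REPORT = """\
  • Target

    18891367897.zip

  • Size

    1.3MB

  • MD5

    259adce61750464ecfa1f01612a10235

  • SHA256

    bb2486e1a9fa1f51acb25ae6a26bdea2742670bc7402bff13fbef437565fce19

    • Target

      cliente 127271655._PDF.cmd

    • MD5

      270d320fe9e53219f111468d9cb0f92f

    • SHA1

      c02e58981e9932189bcbec20344270d3676bf359

    • SHA256

      26de9f9d639c231fcb2ffd7d3462eb413a73f80530bce4c85688fe01dc14e5a2

    Score
    3/10
"""

# Expected hex length of each digest the report lists (SSDEEP is not fixed-length).
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = set(HEX_LEN) | {"Target", "Size", "SSDEEP"}

# Assumed heuristic lists (not from the report): a final extension that Windows
# executes, preceded by a pseudo-extension that imitates a document type.
EXEC_EXT = {"cmd", "bat", "exe", "scr", "js", "jse", "vbs", "lnk", "hta", "ps1"}
DOC_HINTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "txt", "jpg", "png"}


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return one dict per '• Target' block.  Bullets that are not label/value
    pairs (Sample, signature names) and loose lines (Score, 3/10) are skipped."""
    targets: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    pending = None  # label whose value is on the next non-blank line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            label = line.lstrip("•").strip()
            if label == "Target":
                current = {}
                targets.append(current)
            pending = label if label in LABELS else None
        elif pending is not None:
            current[pending] = line
            pending = None
    return targets


def validate_hashes(target: Dict[str, str]) -> List[str]:
    """Names of digests whose value is not lowercase hex of the right length."""
    return [algo for algo, n in HEX_LEN.items()
            if algo in target and not re.fullmatch(rf"[0-9a-f]{{{n}}}", target[algo])]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in HEX_LEN}


def matches_target(data: bytes, target: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match of a file's digests against a parsed record; any
    single mismatch means the file is not the reported sample."""
    computed = hash_bytes(data)
    return {algo: computed[algo] == target[algo].lower()
            for algo in HEX_LEN if algo in target}


def is_double_extension_lure(name: str) -> bool:
    """True for names like 'cliente 127271655._PDF.cmd': the last extension is
    one Windows executes, the one before it pretends to be a document."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    fake, real = parts[1].strip("_ -"), parts[2].strip()
    return real in EXEC_EXT and fake in DOC_HINTS


if __name__ == "__main__":
    for rec in parse_report(REPORT):
        name = rec.get("Target", "?")
        print(name, "| bad digests:", validate_hashes(rec),
              "| lure name:", is_double_extension_lure(name))
```

To check a downloaded sample against the report, read its bytes and call `matches_target(data, record)`; every algorithm the record lists must come back True. The lure check is deliberately narrow (document-looking pseudo-extension directly before an executable extension) so that ordinary names such as `archive.tar.gz` are not flagged.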

MITRE ATT&CK Enterprise v15

Tasks