General

  • Target

    71f49042859a510a846a10fe2d5f7910N.exe

  • Size

    112KB

  • Sample

    240915-l4c4tayemr

  • MD5

    71f49042859a510a846a10fe2d5f7910

  • SHA1

    0fce317b953bf5785ed466398c125578e9a199ae

  • SHA256

    40011d852e2c2fa22ee9b3cd1595441231c31fd78a9fa05352d1d61beb3faa02

  • SHA512

    704fa4974aa265c279b10a5826fdeb087e2ef921a2478c166a5baf8544e54e3725164701548fb4e18d11dd4c0f468e9bdf4461147bcee03ff7a307412cb15aa3

  • SSDEEP

    1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5

Malware Config

Targets

    • Target

      71f49042859a510a846a10fe2d5f7910N.exe

    • Size

      112KB

    • MD5

      71f49042859a510a846a10fe2d5f7910

    • SHA1

      0fce317b953bf5785ed466398c125578e9a199ae

    • SHA256

      40011d852e2c2fa22ee9b3cd1595441231c31fd78a9fa05352d1d61beb3faa02

    • SHA512

      704fa4974aa265c279b10a5826fdeb087e2ef921a2478c166a5baf8544e54e3725164701548fb4e18d11dd4c0f468e9bdf4461147bcee03ff7a307412cb15aa3

    • SSDEEP

      1536:t2ovIa47CqIf2f3w41p7sDcX7juR/JSJw8EeNshUDGXJ:tVIr7zI+fAceoGxSKKo5

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks