Overview

overview

10

Static

static

3

0cf9c23889...1N.exe

windows7-x64

10

0cf9c23889...1N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0cf9c23889403841c57502186fa298eed863d4cb55d089256b699c8913de3581N

  • Size

    666KB

  • Sample

    240921-szdywazfkm

  • MD5

    e4adecdfb24eba846689b4affcca8b30

  • SHA1

    4151ca803516cd9560b0d26fdab8e0312d669e4e

  • SHA256

    0cf9c23889403841c57502186fa298eed863d4cb55d089256b699c8913de3581

  • SHA512

    0676eda6a371877d354e583f911c2ed9fbfc981f2aa62d5ae042bd1d82c796ca0232f4168877985be18c6bdc35416dc71dad5ee570e1e37bfd3dc3d2d135aecd

  • SSDEEP

    12288:Uf1Ks4SjTyICxkawPKCkJ+4rP9tVo4DbF3Z4mxxeoEtlK+kt9T2MVuSE:U9KsH5sXwPp2+UPx5QmXXGhF

Score
10/10
modiloaderdiscoverytrojan

Malware Config

Targets

    • Target

      0cf9c23889403841c57502186fa298eed863d4cb55d089256b699c8913de3581N

    • Size

      666KB

    • MD5

      e4adecdfb24eba846689b4affcca8b30

    • SHA1

      4151ca803516cd9560b0d26fdab8e0312d669e4e

    • SHA256

      0cf9c23889403841c57502186fa298eed863d4cb55d089256b699c8913de3581

    • SHA512

      0676eda6a371877d354e583f911c2ed9fbfc981f2aa62d5ae042bd1d82c796ca0232f4168877985be18c6bdc35416dc71dad5ee570e1e37bfd3dc3d2d135aecd

    • SSDEEP

      12288:Uf1Ks4SjTyICxkawPKCkJ+4rP9tVo4DbF3Z4mxxeoEtlK+kt9T2MVuSE:U9KsH5sXwPp2+UPx5QmXXGhF

    Score
    10/10
    modiloaderdiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks