General

  • Target: Payment Slip.xls
  • Size: 413KB
  • Sample: 240925-gnlnss1hrb
  • MD5: 5a788468cddd802e6eea249755b4beaf
  • SHA1: 068f53461793d7859d33818369f2b89177767c00
  • SHA256: 60a3ba978c54e5c55e3e41ae565ff05ba1e7fa9627a8bde0edb751aad25fa298
  • SHA512: a98e146b3725856522476969cef37e9144b36c434a990f60cde7675cdcf17aed430a63b2cc8a908c2a6030b4dbdfcc35c93d07adeaabef76fedcc828b1c3a5e2
  • SSDEEP: 12288:/vGw7AQCRQwutWYRrBP5Eof77zUBoLiw:WwZHXtWiBPay7cBe

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks