Overview

overview

10

Static

static

3

7651a407f1...77.exe

windows7-x64

10

7651a407f1...77.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7651a407f1fdb28af4ec98c8cc4869a2709905c8b35311e4366fb4f097326277

  • Size

    1.1MB

  • Sample

    241117-mtqslaxmhv

  • MD5

    ddeaf624a268748a32e4794bef5ea28f

  • SHA1

    2a9b0dd759c01158c697b5edf301a00574ce2abc

  • SHA256

    7651a407f1fdb28af4ec98c8cc4869a2709905c8b35311e4366fb4f097326277

  • SHA512

    910b3a7462aef715359d13be1e6f50fb05f165bb916b9002cd93d9b0a28d04a8976b45fdea2faad20b885a4fa1d5ba8076d18d65ba218f63314084d7699dc288

  • SSDEEP

    24576:rCtVqnbUQ25Qm2Xz8iYcx3RqrPBzKRfuHpEqiyu5T5:rkabmQYc3qrWyuv

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      7651a407f1fdb28af4ec98c8cc4869a2709905c8b35311e4366fb4f097326277

    • Size

      1.1MB

    • MD5

      ddeaf624a268748a32e4794bef5ea28f

    • SHA1

      2a9b0dd759c01158c697b5edf301a00574ce2abc

    • SHA256

      7651a407f1fdb28af4ec98c8cc4869a2709905c8b35311e4366fb4f097326277

    • SHA512

      910b3a7462aef715359d13be1e6f50fb05f165bb916b9002cd93d9b0a28d04a8976b45fdea2faad20b885a4fa1d5ba8076d18d65ba218f63314084d7699dc288

    • SSDEEP

      24576:rCtVqnbUQ25Qm2Xz8iYcx3RqrPBzKRfuHpEqiyu5T5:rkabmQYc3qrWyuv

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks