Overview

overview

10

Static

static

1

Documentaz...ia.cmd

windows7-x64

7

Documentaz...ia.cmd

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22112024_0207_20112024_Documentazione Doganale - richieste di-- copia.zip

  • Size

    1021KB

  • Sample

    241122-cj9slsyjaq

  • MD5

    57c1808591df0963cbf2b94ced2464b5

  • SHA1

    ce7cfe1973e5c6f0e2780ab589eec945220a6706

  • SHA256

    444172e268af9306a64a631127280d6ce1f311dc2947c1a9927200c2549c07da

  • SHA512

    ee5e86b3468b6348d22d5835d85ef3e91c627971c05d923c29dda7428d25bebd87c0b360c0d199cdcb6be7da3f7a72462d7e1ed6bbc3c44ae23b881288a495b7

  • SSDEEP

    24576:tHtQDSeHF93aHNRwUYdQw9hOWsMuy+paveT1f+E8N4jzbx:JeDSw6NuUYmw9hODMpvckzN4jfx

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      Documentazione_Doganale_richieste_di_copia.cmd

    • Size

      3.4MB

    • MD5

      e83eaefa47746764ed0708da11cf890f

    • SHA1

      5986d2e1da1d6fa42825ae627ee688cac4530fd7

    • SHA256

      13e2c237c2fa5b146ada50ad1be0be71832e42b745f2bc82daa52558807a7aa6

    • SHA512

      d69fe44a64af8693c5d15dcc0d3773e3b30da540f90be0ba3addd1bbcf99c26632572f1a4eccf1838ac60da4e0d27b5700a4ebeeac8448f3c822e67399a9d251

    • SSDEEP

      49152:f6DzaZKYLJqhTLqP8gTM0BiuWSIRbWRIi9b:v

    Score
    10/10
    discoverymodiloaderpersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks