Overview

overview

10

Static

static

3

TR98765456700.exe

windows7-x64

10

TR98765456700.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    04122024_0817_03122024_TR98765456700.doc.gz

  • Size

    680KB

  • Sample

    241204-j93kjsvkeq

  • MD5

    660c5e877833d5ee0210ec20fb65855a

  • SHA1

    a51e6272f71bb858d7cc507f1aac9c2579cc72ba

  • SHA256

    62c8299d7b7f86bba56b9287a35780872082a276277c86079c751a5043afd2ca

  • SHA512

    95c8d9c74582c0aefab59585d044a3748d12ae652d198420dd192ca36378c64b73c903f00db1c01a9c0a69def1bd86b2b2f48f6d89f2b0f44c5f9b3e6a88e036

  • SSDEEP

    12288:515+vTqkEACJNywTP3ENq9bxh2G3Frew0A27ECNFrC3Yi1hkUMA:x+vTqhACDTMNqfhLJWd/DmFhkUj

Score
10/10
modiloadercollectiondiscoverypersistencetrojan

Malware Config

Targets

    • Target

      TR98765456700.exe

    • Size

      1.2MB

    • MD5

      64d163651d7f87cda7923cbb0f97a792

    • SHA1

      20326f28251268c0a840b85428f4aa60af8cd072

    • SHA256

      a321845a0fe4b5547119450f671a9c929e3f6476cac5776bab8e9e94fd840b56

    • SHA512

      26e89bb9847190724d5e0511f99a8a8c2e1020152dfed1e73eee89719769ea6436203e07dbbcf1febbd2509aea341201fd07fedf78339c4a91e1e8de3cd47da2

    • SSDEEP

      24576:sofATcuqlhWtIEARIjKPeMR0nGIO2BakYPyZ4IMjMv0fdgKiYR:so5GzMR0GIO2BwyZ4IM

    Score
    10/10
    modiloaderdiscoverypersistencetrojancollection

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

      collection

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks