General

  • Target

    23122024_0143_MP-SOLUTIONS___CONTROLS_PRIVATE_LIMITED_Quotation_2024_25_VIAS1059-pdf.exe.iso

  • Size

    1.8MB

  • Sample

    241223-b5q2ystnhm

  • MD5

    3b0e6bb19e3b6e4f5bc7759c466d4719

  • SHA1

    6b648410c71181cff0835c1fede344a5b0a52d30

  • SHA256

    0b0623c9a3b3b88af312175776c57491bcacbacefb9559d9ff261dfd5ea4eb62

  • SHA512

    82042a8d953bac02e6e520c6b2bf7614ef583c1515d113c2d9b9bfad50db2b9e29c1b9f2e5a3021f06cf248997ffcc0ab0f4b0751c8d6079f34321676a1d618e

  • SSDEEP

    24576:JuWbqRZB+UifIPqY7rI8N7OT0VFX2DOf:Ju12UHlag

Malware Config

Targets

    • Target

      MP-SOLUTIONS___CONTROLS_PRIVATE_LIMITED_Quotation_2024_25_VIAS1059,pdf.exe

    • Size

      1.2MB

    • MD5

      aceeae542b9094280522fbcee2e3ba47

    • SHA1

      2296d2f45acce0fd53d846c8806d2b90b6e3f17a

    • SHA256

      e82f7b5f186e8dee9521eddab70ef2568e8b15850865ea48417042be9b334bc0

    • SHA512

      0af9543a228419897ff6385ec1f74128bc5c087fd6d010e141386d62d0a6448501c7955f5c8c06fa9bf70e421928708d19a58c0be7bcd63f0b4d4558114f678e

    • SSDEEP

      24576:6uWbqRZB+UifIPqY7rI8N7OT0VFX2DOf:6u12UHlag

    • ModiLoader, DBatLoader

ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud and file-hosting services to fetch and stage additional malware families, so the first-stage file on disk carries little of the final payload itself.

ModiLoader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
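The following triage helper is an added example and is not part of the sandbox report or of any tooling the report describes. The digest table is transcribed from the report above (the ISO container and the EXE it carries); the lure-name regex, the extension lists, the `triage` function and its output keys are assumptions of this example. It lets a responder confirm that a file in their own collection is the reported sample, cross-checks the weaker digests against the SHA256 match so a transcription error is caught, and flags the naming trick visible in both report entries: a document token ("pdf") joined to an executable extension, optionally wrapped in a disk-image container.

```python
"""Added triage helper for the sample above (not part of the sandbox report).

Checks a file on disk against the container/payload digests listed in the
report and flags the ISO-wrapped, double-extension lure naming the report shows.
"""
import hashlib
import re
import sys

# Digests transcribed from the report: the ISO container and the EXE inside it.
REPORT_IOCS = {
    "23122024_0143_MP-SOLUTIONS___CONTROLS_PRIVATE_LIMITED_Quotation_2024_25_VIAS1059-pdf.exe.iso": {
        "md5": "3b0e6bb19e3b6e4f5bc7759c466d4719",
        "sha1": "6b648410c71181cff0835c1fede344a5b0a52d30",
        "sha256": "0b0623c9a3b3b88af312175776c57491bcacbacefb9559d9ff261dfd5ea4eb62",
        "sha512": "82042a8d953bac02e6e520c6b2bf7614ef583c1515d113c2d9b9bfad50db2b9e29c1b9f2e5a3021f06cf248997ffcc0ab0f4b0751c8d6079f34321676a1d618e",
    },
    "MP-SOLUTIONS___CONTROLS_PRIVATE_LIMITED_Quotation_2024_25_VIAS1059,pdf.exe": {
        "md5": "aceeae542b9094280522fbcee2e3ba47",
        "sha1": "2296d2f45acce0fd53d846c8806d2b90b6e3f17a",
        "sha256": "e82f7b5f186e8dee9521eddab70ef2568e8b15850865ea48417042be9b334bc0",
        "sha512": "0af9543a228419897ff6385ec1f74128bc5c087fd6d010e141386d62d0a6448501c7955f5c8c06fa9bf70e421928708d19a58c0be7bcd63f0b4d4558114f678e",
    },
}

# Assumed heuristic (not from the report): a document-looking token followed,
# after optional separators, by an executable extension, optionally wrapped in
# a disk-image container.  Matches both names in the report:
# "...VIAS1059-pdf.exe.iso" and "...VIAS1059,pdf.exe".
_LURE_RE = re.compile(
    r"(?:^|[^a-z0-9])(pdf|docx?|xlsx?|pptx?|txt)[^a-z0-9]*"
    r"\.(exe|scr|com|pif|bat|cmd|js|vbs|lnk)(?:\.(iso|img|vhdx?))?$",
    re.IGNORECASE,
)
_CONTAINER_RE = re.compile(r"\.(iso|img|vhdx?)$", re.IGNORECASE)


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def match_report(data: bytes) -> tuple:
    """Return (matched_report_entry_or_None, list_of_mismatching_algorithms).

    The match is decided on SHA256; the weaker digests are then cross-checked
    so a typo in a transcribed MD5/SHA1 surfaces as a mismatch instead of
    silently passing.
    """
    got = digests(data)
    for name, want in REPORT_IOCS.items():
        if got["sha256"] == want["sha256"].lower():
            bad = [alg for alg in want if got[alg] != want[alg].lower()]
            return name, bad
    return None, []


def lure_indicators(filename: str) -> list:
    """Explain why a filename looks like a document-disguised executable."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    reasons = []
    m = _LURE_RE.search(base)
    if m:
        reasons.append(f"document token '{m.group(1)}' masks executable '.{m.group(2)}'")
    if _CONTAINER_RE.search(base):
        # Files inside a mounted image may lack Mark-of-the-Web on older builds.
        reasons.append("disk-image container: contents may not carry Mark-of-the-Web")
    return reasons


def triage(filename: str, data: bytes) -> dict:
    """Combine the hash lookup and the naming check into one verdict."""
    name, bad = match_report(data)
    return {
        "known_sample": name,
        "digest_mismatch": bad,
        "lure_indicators": lure_indicators(filename),
    }


if __name__ == "__main__":
    path = sys.argv[1]
    with open(path, "rb") as fh:
        print(triage(path, fh.read()))
```

Run it as `python triage.py <file>`; a `known_sample` of `None` together with non-empty `lure_indicators` is the case worth a second look, since a recompiled or re-packed variant keeps the lure name but none of the listed digests. The container warning is deliberately hedged: whether a mounted ISO propagates Mark-of-the-Web to its contents depends on the Windows build and its patch level.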

MITRE ATT&CK Enterprise v15

Tasks