Overview

overview

10

Static

static

3

HSBC_PAY.SCR.exe

windows7-x64

10

HSBC_PAY.SCR.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HSBC_PAY.SCR.exe

  • Size

    987KB

  • Sample

    250103-xracya1mgq

  • MD5

    23b640cc7b2cff45ceef1c718e7095e0

  • SHA1

    dcb684e452d59af4b1bc7b5de4bdccd2b82a967b

  • SHA256

    bfc7a921cd679ab7d693e30c552e352a7c564a75ec7e60b25960c63ae9067938

  • SHA512

    1c77efd15a2b3dc3e74d8c808cbcbb15122699754169616e68ea024845447eacfef18b3358ed4d4ca397239f1ed9c9162cd568766baff5732c83f65f8293740d

  • SSDEEP

    12288:STHHBp6sm4kri5y5dnjxfJz+V3pr+Tykm9W9LDFo+hjr0ls5PsY9Dv7QC:SThoLrimdnjxxwZAk65PvHL

Score
10/10
modiloaderdiscoverypersistencetrojan

Malware Config

Targets

    • Target

      HSBC_PAY.SCR.exe

    • Size

      987KB

    • MD5

      23b640cc7b2cff45ceef1c718e7095e0

    • SHA1

      dcb684e452d59af4b1bc7b5de4bdccd2b82a967b

    • SHA256

      bfc7a921cd679ab7d693e30c552e352a7c564a75ec7e60b25960c63ae9067938

    • SHA512

      1c77efd15a2b3dc3e74d8c808cbcbb15122699754169616e68ea024845447eacfef18b3358ed4d4ca397239f1ed9c9162cd568766baff5732c83f65f8293740d

    • SSDEEP

      12288:STHHBp6sm4kri5y5dnjxfJz+V3pr+Tykm9W9LDFo+hjr0ls5PsY9Dv7QC:SThoLrimdnjxxwZAk65PvHL

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks