Overview

overview

10

Static

static

8

ENQ-0092025.doc

windows7-x64

10

ENQ-0092025.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ENQ-0092025.doc

  • Size

    143KB

  • Sample

    250107-pjbl2a1kby

  • MD5

    3db6baf168cecc916012a59b6530175a

  • SHA1

    7d74c680b09f982271a50483ce350a5b3d9a0996

  • SHA256

    96882b077a607f34cd963461341d728982e2075ffd4891f1b91e915da904cfe0

  • SHA512

    5a4b22f622559b8db815b1dc8cfa206eb433e55541de7d2540bd786703a0a418d03d1b657bcbdf9ceff74c863a1c7e4d324e3a555fd66d0905034ccdf5d677c5

  • SSDEEP

    1536:F7dgmjjy2lQkySTUb2roegTK+g9WomfaQjSqttJnkL5mS9kBwNR42qe3/w:FZPjbTU+J799IjSqtteL5N9kBF27

Score
10/10
modiloaderdiscoverymacromacro_on_actionpersistencetrojan

Malware Config

Targets

    • Target

      ENQ-0092025.doc

    • Size

      143KB

    • MD5

      3db6baf168cecc916012a59b6530175a

    • SHA1

      7d74c680b09f982271a50483ce350a5b3d9a0996

    • SHA256

      96882b077a607f34cd963461341d728982e2075ffd4891f1b91e915da904cfe0

    • SHA512

      5a4b22f622559b8db815b1dc8cfa206eb433e55541de7d2540bd786703a0a418d03d1b657bcbdf9ceff74c863a1c7e4d324e3a555fd66d0905034ccdf5d677c5

    • SSDEEP

      1536:F7dgmjjy2lQkySTUb2roegTK+g9WomfaQjSqttJnkL5mS9kBwNR42qe3/w:FZPjbTU+J799IjSqtteL5N9kBF27

    Score
    10/10
    modiloaderdiscoverypersistencetrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks