General

  • Target

    OrdineFornitoreSpettacolo.rar

  • Size

    388KB

  • Sample

    250120-scbv1avnaq

  • MD5

    b2a400a3fa37b134b15a8fb2adddbabd

  • SHA1

    c95802cc06e4090620ead7cbcf406b770b5d28d1

  • SHA256

    28f65d35c943b4c943355e366e624c9a631aed4a964b97aa7d7468f15ec71d0d

  • SHA512

    aefa75240d08f602d6266ec4965b62bf6ce02cc13c3f2caa8d7341ffb08d785dfbb5b3b184c9f417b6c5871a62885292818efd24211192ff6531eda0a2fbad9c

  • SSDEEP

    6144:EccXkf0yyyIlaWf8+3VD/uIvPVuI0c6IIsHVjxc9K0KHoiVZ4VfFMH6bDs3OurtD:EFXkfHxk8+FDm+0HxsHVIVl84VtRw24j

Malware Config

Targets

    • Target

      REQUIRED-ORDER-SETAILS.exe

    • Size

      973KB

    • MD5

      c67c61c88599a7c48fce6f41d2f824af

    • SHA1

      774d18c58980225ed4321ad479b0e7a45ab84efa

    • SHA256

      b307218533a96ecefbdab4fad0dec64baec07ef261e7985b899a4c43b1325892

    • SHA512

      3f155a898a5222339acc7ea69abe6d21f87647473f98a0ee88f12a6a41ee9fd615f3163a46d6518c31d5c8360586acf4c08798a2faa0e924bb7062a587fe14c8

    • SSDEEP

      24576:bBVRVxmQEkZkjSnbyewh+lMewKe9X7yxw7IYNoIjSst8H2se:bBmB+Q+SJwxw7IYNbjSi8H2se

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a first-stage loader written in Delphi. Rather than serving payloads from attacker-owned infrastructure, it fetches its next stage from legitimate cloud and file-hosting services, which is the behaviour behind the "Legitimate hosting services abused for malware hosting/C2" signature below.

    • Modiloader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
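The behavioural signatures above (dropped EXE executed, dropped DLL loaded, Run key added) are what a detection engineer would want to turn into hunting logic, and the SHA256 values are the obvious retro-hunt IOCs. The script below is an added example written for this page; it is not part of the sandbox report or of any vendor tooling. It replays constructed Sysmon-style events (not telemetry from this sample) through three host-based rules and checks process hashes against the report's two SHA256 values. The paths, process GUIDs, extractor list, and the dropped DLL/updater names are assumptions; the hosting-service rule is left out because the report names no hosts.

```python
"""Behavioural triage for the signatures listed above.

Added example, not part of the sandbox report. The two SHA256 values and the
file names are copied from the report; every event below is a CONSTRUCTED
Sysmon-style record (field names follow Sysmon EventIDs 1, 7, 11, 13), not
telemetry recorded from this sample. Paths, GUIDs and the dropped DLL/updater
names are placeholders.
"""
import re

# Known-bad SHA256 values copied from the report.
IOC_SHA256 = {
    "28f65d35c943b4c943355e366e624c9a631aed4a964b97aa7d7468f15ec71d0d": "OrdineFornitoreSpettacolo.rar",
    "b307218533a96ecefbdab4fad0dec64baec07ef261e7985b899a4c43b1325892": "REQUIRED-ORDER-SETAILS.exe",
}

# Assumptions: where a dropped payload usually lands, and which processes extract archives.
USER_WRITABLE = re.compile(r"^C:\\(Users\\[^\\]+\\AppData|Users\\Public|ProgramData)\\", re.I)
EXTRACTORS = {"winrar.exe", "7zfm.exe", "7z.exe", "explorer.exe"}
# Registry Run/RunOnce keys (ATT&CK T1547.001, the usual mapping for "Adds Run key").
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Placeholder extraction path for the second-stage EXE named in the report.
PAYLOAD = r"C:\Users\alice\AppData\Local\Temp\Rar$EXa.123\REQUIRED-ORDER-SETAILS.exe"

# Constructed events: archive opened, EXE extracted and run, DLL loaded, Run key set,
# plus a benign installer writing its own Run key from Program Files as a control.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A}", "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 11, "ProcessGuid": "{A}", "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "TargetFilename": PAYLOAD},
    {"EventID": 1, "ProcessGuid": "{B}", "Image": PAYLOAD,
     "ParentImage": r"C:\Program Files\WinRAR\WinRAR.exe",
     "Hashes": "SHA256=b307218533a96ecefbdab4fad0dec64baec07ef261e7985b899a4c43b1325892"},
    {"EventID": 7, "ProcessGuid": "{B}", "Image": PAYLOAD,
     "ImageLoaded": r"C:\Users\Public\Libraries\dropped.dll"},
    {"EventID": 13, "ProcessGuid": "{B}", "Image": PAYLOAD,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\Public\Libraries\updater.exe"},
    {"EventID": 13, "ProcessGuid": "{C}", "Image": r"C:\Program Files\Vendor\Setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r"C:\Program Files\Vendor\app.exe"},
]


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def _sha256(event):
    """Pull SHA256 out of a Sysmon 'Hashes' field such as 'MD5=..,SHA256=..'."""
    pairs = (kv.split("=", 1) for kv in event.get("Hashes", "").split(",") if "=" in kv)
    return {k.strip().upper(): v.strip().lower() for k, v in pairs}.get("SHA256", "")


def analyze(events):
    """Return (rule, detail) alerts for the report's behaviours, in event order."""
    alerts = []
    dropped = set()     # executables written by an archive extractor
    suspicious = {}     # ProcessGuid -> image, for processes treated as dropped payloads
    for e in events:
        eid, img = e["EventID"], e.get("Image", "")
        if eid == 1:  # process creation: hash match, or a dropped EXE being executed
            sha = _sha256(e)
            if sha in IOC_SHA256:
                alerts.append(("known_ioc_hash", f"{img} matches report hash for {IOC_SHA256[sha]}"))
            spawned_by_extractor = _basename(e.get("ParentImage", "")) in EXTRACTORS
            if img.lower() in dropped or (spawned_by_extractor and USER_WRITABLE.match(img)):
                alerts.append(("executes_dropped_exe", img))
                suspicious[e["ProcessGuid"]] = img
        elif eid == 11:  # file creation: remember executables written by an extractor
            if _basename(img) in EXTRACTORS and e["TargetFilename"].lower().endswith((".exe", ".dll", ".scr")):
                dropped.add(e["TargetFilename"].lower())
        elif eid == 7:  # image load: payload pulling a DLL from a user-writable path
            if e["ProcessGuid"] in suspicious and USER_WRITABLE.match(e["ImageLoaded"]):
                alerts.append(("loads_dropped_dll", f"{img} loaded {e['ImageLoaded']}"))
        elif eid == 13:  # registry set: Run key written by the payload or pointing at a user path
            from_payload = e["ProcessGuid"] in suspicious
            points_to_user_path = bool(USER_WRITABLE.match(e.get("Details", "")))
            if RUN_KEY.search(e["TargetObject"]) and (from_payload or points_to_user_path):
                alerts.append(("run_key_persistence", f"{e['TargetObject']} -> {e.get('Details')}"))
    return alerts


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

The rules are deliberately stateful: a process only counts as "dropped" when an extractor wrote it or spawned it from a user-writable path, and the DLL-load and Run-key rules key off that process rather than firing on every autorun write, which is what keeps the Program Files installer in the sample from alerting.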

MITRE ATT&CK Enterprise v15

Tasks