General

  • Target

    31032025_1503_28032025_VGM - ISF - OEC-GCE-250326-Shipper Verified Gross Mass (VGM) Declaration Form (update) SO 1047.rar

  • Size

    1.8MB

  • Sample

    250331-sfagcavlz5

  • MD5

    fa57dce8c278a55605c7a8a34bb2a031

  • SHA1

    8fe87cce300a9caf1c1302f721d7171bf6e2f2a7

  • SHA256

    b348a713c55d0d911451f27598a25a6deb8d08386573f87f6ff672655ce89cbd

  • SHA512

    102e691f3c68fea6029b5335e21eb09df7ad50be0ec2c6c5ffd84bb7b36156a40cdd00cb931f5dbe86523a6ac47e8058f5194f3e6c589a60de34930ee6940f87

  • SSDEEP

    49152:UoE18XRQ5Z8Y70vSi0N70Q0jTTmPC05Cf3W0yUKA:t4z5Z8Y70q0vjTKJU3R

Malware Config

Targets

    • Target

      OEC ISF FORM-20250326-GCE SO 1047 - SO 1047 HBL # OERT101510Y00039.xls.scr

    • Size

      1.7MB

    • MD5

      1e95eb48d695afe91c047b6cddfe5bc8

    • SHA1

      1978c862031fc937077de8194c629a91caf68503

    • SHA256

      dbffd5f06f2ccb9ad414b070621591dfa2cc7c181f164371ebaf6d5a75f2f546

    • SHA512

      5cb2e3ce06c2ca758e26a064feab0c86af598b57feccfcac0ffece401d20d4e78b091106acb4e17fc6b6769a9832925ca8aa5de4746d772b70b8109e08109923

    • SSDEEP

      24576:7gvMTgfHxu3/ICpRODsFe6B8mx43wLCM+B4XsoY/L71zmNlY2P5B546/yC:7gnxg/y3M0BkS/LhzIlpP5B54s

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      OEC-GCE-250326-Shipper Verified Gross Mass (VGM) Declaration Form (update) SO 1047.XLSX.scr

    • Size

      1.7MB

    • MD5

      2c2b7e9ce7165ee6107af23a344e0b83

    • SHA1

      243e4e9f14fe62eddd486127fa2a3e468abb7e36

    • SHA256

      7e40808321b27f4f1efe0972adc667ff4bd65c1ea4291dfae2925d3e222351e3

    • SHA512

      11128e395f8791ebe714bb20755bd7bf9ad257aba9a42612bb61760b2a26591d5483d2641b4afae50f0dd87231e28ff6ab96d2c9fbd61e3b6ee372be1f768391

    • SSDEEP

      24576:7gvMTgfHxu3/ICpRODsFe6B8mx438dDswEhMbHqJ1nBquARUKHWAT4roS8AXmn:7gnxg/y3wlEfJ1BqgK2ATmonAE

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15