Overview

overview

10

Static

static

3

sihost.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sihost.exe

  • Size

    1.6MB

  • Sample

    250402-ag29ms1jx7

  • MD5

    d245c0efade78fbe55c9d537732dc8fb

  • SHA1

    339657894338cfa9ee994e440443d4fc7ef75368

  • SHA256

    860bb4fd3607ebdb177d9732653f9baeff86192cdf7874c5824ab37b9b61013d

  • SHA512

    562e31c22abf83d57785a5506025847e18a652765f4086ebc1c199b751eeb184a85e9d0ec08289fea1b6beeda0b94e2195a46702aa643ba4f3558a4023af2268

  • SSDEEP

    24576:OkCIwKMTJndSh1pBOjgqDx/u09mNfRWqERWsyI7RHc+Ow57pca5eBZq7W71p0Z3a:OkCzgEHDafT2bW+OwcMeTq72LU

Score
10/10
modiloadercollectiondiscoverytrojan

Malware Config

Targets

    • Target

      sihost.exe

    • Size

      1.6MB

    • MD5

      d245c0efade78fbe55c9d537732dc8fb

    • SHA1

      339657894338cfa9ee994e440443d4fc7ef75368

    • SHA256

      860bb4fd3607ebdb177d9732653f9baeff86192cdf7874c5824ab37b9b61013d

    • SHA512

      562e31c22abf83d57785a5506025847e18a652765f4086ebc1c199b751eeb184a85e9d0ec08289fea1b6beeda0b94e2195a46702aa643ba4f3558a4023af2268

    • SSDEEP

      24576:OkCIwKMTJndSh1pBOjgqDx/u09mNfRWqERWsyI7RHc+Ow57pca5eBZq7W71p0Z3a:OkCzgEHDafT2bW+OwcMeTq72LU

    Score
    10/10
    modiloadercollectiondiscoverytrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Accesses Microsoft Outlook accounts

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks