General

  • Target

    03042025_1757_02042025_PO-9506.Tar

  • Size

    1.3MB

  • Sample

    250403-wjnpxs1vh1

  • MD5

    e2c8f4f3f486f741ef4913ea3a7edac2

  • SHA1

    af6acca7b3ad31ce751e1de3185a84324da88aaa

  • SHA256

    e8eb3526b7e352cdbe94b44651ea9b207132b373c9f2bf8a4b4896ef8c7e2172

  • SHA512

    40a7cff1ec7ec49cfeea58339f78a16dc598154eb8539f93e35fd28c1d7035efe42a7cbb3d73f7b79e9416e8d9ee7629c167839814c4d3791441dc383b2ef8c9

  • SSDEEP

    24576:bFBDIIAkKEhfDn1Fayl8StSsny5rFCy2jHY9t16wJK0wb6:p0kNh7n1XO5ZT2j49z6wU0wb6

Malware Config

Targets

    • Target

      PO-9506.cmd

    • Size

      4.4MB

    • MD5

      d7215102a651459143058b38d3580576

    • SHA1

      a54aaff86d8cdb38909544139b2724aa541af872

    • SHA256

      da48fc51f47484fa7da8d5f4891e2bb3870f3c421c380ff02a528eb103e15b98

    • SHA512

      895f9661855a519fae6331e4962000cbd2fbb9d02e9e9581e05ad853a034e8cf2c454c1fd2fcdbf7b40b4c99af1f557053b70c82cfd10e668fc5a1651e5ab60b

    • SSDEEP

      49152:JOZm8FVOULlD5339WohAx713/7kFxfvZ3cGR7RPL9lXRk:f

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader family

    • ModiLoader Second Stage

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks