General

  • Target: executor.zip
  • Size: 4.3MB
  • Sample: 250404-n7kzyawvdt
  • MD5: d17c35a0cefd60807be8cbfee2294a44
  • SHA1: 630a90345d4f309d817d4a40701c8239395c9006
  • SHA256: 4410fd44f9c8afef8f62d88ed72d3992332e3d8b27bff4652ef7c27cf2f70d09
  • SHA512: 30f4cdfa70679182f511596cf314e88252436de35ac68b7761f128eeab7c236b1226ae66914963d5fecf77562fcbcb7c31b4c00cc0795977596851fefef5462a
  • SSDEEP: 98304:wGrQP4z/ZqNJhUVhPKPQmyenapcLx65JA2HwFPK9dbqYZtdR+Wic:wGrU4zxqExNle2+xUr9dbnZtD+WZ

Malware Config

Targets

    • Target: executor.zip
    • Size: 4.3MB
    • MD5: d17c35a0cefd60807be8cbfee2294a44
    • SHA1: 630a90345d4f309d817d4a40701c8239395c9006
    • SHA256: 4410fd44f9c8afef8f62d88ed72d3992332e3d8b27bff4652ef7c27cf2f70d09
    • SHA512: 30f4cdfa70679182f511596cf314e88252436de35ac68b7761f128eeab7c236b1226ae66914963d5fecf77562fcbcb7c31b4c00cc0795977596851fefef5462a
    • SSDEEP: 98304:wGrQP4z/ZqNJhUVhPKPQmyenapcLx65JA2HwFPK9dbqYZtdR+Wic:wGrU4zxqExNle2+xUr9dbnZtD+WZ
    • Score: 1/10

    • Target: Bloxstrap-v2.7.0.exe
    • Size: 10.1MB
    • MD5: 2c752edef5b0aa0962a3e01c4c82a2fa
    • SHA1: 9c3afd1c63f2b0dbdc2dc487709471222d2cb81e
    • SHA256: 891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8
    • SHA512: 04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe
    • SSDEEP: 98304:TYd5DQd5Dk9Tsed5DogTrBKvGWD3nIOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrT4:Tasx3vG6IObAbN0T
    • Score: 7/10
    • Signatures:
      • Checks computer location settings
        Looks up country code configured in the registry, likely geofence.

    • Target: BootstrapperV1.14.exe
    • Size: 421KB
    • MD5: 17020d673c9355ed597bf69dddbd0b68
    • SHA1: b524e4e65526e8cf65b6ea60c080b60ad738a44c
    • SHA256: b70a30f72b328ae08926a668d94bbf15c45abc50e57667a3d9ab6d61fa4c417b
    • SHA512: ade8acdbb7a689351b57ed02d89aa03b9ed15b7dfff84b99fc5a7d365f34467a8f4f60ad82fc05ea0fc95aee99c5a00ada53bf1ce1f2bf7f0ee6d1ea7e98ffb4
    • SSDEEP: 6144:hLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXouPhG:p+u9nx2GjMY3XKfd/H/9PrPhG
    • Signatures:
      • ModiLoader, DBatLoader
        ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
      • Modiloader family
      • ModiLoader Second Stage
      • Executes dropped EXE
      • Impair Defenses: Safe Mode Boot
      • Adds Run key to start application

    • Target: readme.txt
    • Size: 237B
    • MD5: 4705d304bdd3882202fb7d47bfbb6b65
    • SHA1: 6177b3db5fc0ea4cfb1c9e5ee4e17c8dbd779cc6
    • SHA256: 310fd17ebc2facb45116dfb596f84910ab384324704140b7752f8fac56642613
    • SHA512: 0c8de8ce8dfceb82d0ecefe41c499022acda8dc42054947760c3a9d79d990aa3d58dd0a49633e2ee5db7e9db5d9ae963568f0ba28c69fe94aa37ed2da8a0abec
    • Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks