Modiloader From Obfuscated Batch File - SANS Internet Storm Center
Tags
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 8b807b8d-8f2f-4ce3-869f-39ed52c5a1d0 |
| Fingerprint | 3484a1273f9e4e9f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 23, 2024, midnight |
| Added to db | Dec. 23, 2024, 9:13 a.m. |
| Last updated | Dec. 23, 2024, 11:19 a.m. |
| Headline | Internet Storm Center |
| Title | Modiloader From Obfuscated Batch File - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 26/1/24 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://isc.sans.edu/diary/rss/31540 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 142 | ✔ | SANS Internet Storm Center, InfoCON: green | https://isc.sans.edu/rssfeed_full.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | spoolsv.com |
|
| Details | Domain | 1 | swamfoxinnc.com |
|
| Details | Domain | 240 | learn.microsoft.com |
|
| Details | Domain | 102 | malpedia.caad.fkie.fraunhofer.de |
|
| Details | File | 1 | albertsons_payment.gz |
|
| Details | File | 1 | chine_ana22893d347515193d264135ff38996037ff515169loodatke.png |
|
| Details | File | 12 | extrac32.exe |
|
| Details | File | 2335 | cmd.exe |
|
| Details | File | 437 | c:\windows\system32\cmd.exe |
|
| Details | File | 1 | c:\users\public\alpha.exe |
|
| Details | File | 249 | certutil.exe |
|
| Details | File | 11 | c:\windows\system32\certutil.exe |
|
| Details | File | 1 | c:\users\public\kn.exe |
|
| Details | File | 1 | c:\\users\\public\\spoolsv.mpeg |
|
| Details | File | 1 | c:\users\public\spoolsv.mpeg |
|
| Details | File | 2 | win.db |
|
| Details | md5 | 1 | dc156637aebf04336700a9bc71c78aad |
|
| Details | md5 | 1 | 7cd592cb2f2179e188e9e99cb7c06bba |
|
| Details | md5 | 1 | 7afcba92a35ba26fcde12f3aba8ff7d8 |
|
| Details | sha256 | 1 | baa12b649fddd77ef62ecd2b3169fab9bb5fbe78404175485f9a7fb48dc4456d |
|
| Details | Url | 1 | https://swamfoxinnc.com/233_svcrhpjadgy. |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/extract |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/baa12b649fddd77ef62ecd2b3169fab9bb5fbe78404175485f9a7fb48dc4456d |
|
| Details | Url | 2 | https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader |