modiloader | 47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f | Triage

Analysis

max time kernel
143s
max time network
36s
platform
windows7_x64
resource
win7v20201028
submitted
20-12-2020 10:49

Sharing

Report Analysis Logs

General

Target

47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f.exe
Size

1.1MB
MD5

e19a67563628389a2e10b449744c1547
SHA1

fc1a245c5edd9e3dc3f140c744017464cefeb70b
SHA256

47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f
SHA512

2cae72ad25db935d2099fe5bdfb2359a5d9c499cf4934c2e6158baeb39971fa43f063c79a2fa7d3d5423d3928384b7b52be5607f07dba992a4d4059438efedd3

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader First Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/748-2-0x0000000002CD0000-0x0000000002D46000-memory.dmp	modiloader_stage1

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f.exe

pid process

748 47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f.exe

C:\Users\Admin\AppData\Local\Temp\47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f.exe
"C:\Users\Admin\AppData\Local\Temp\47362bdf98d40124a5be66bb91e83584bb8a1d9ce57e830ff44016268f468e3f.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/748-2-0x0000000002CD0000-0x0000000002D46000-memory.dmp

Filesize
472KB

Download