modiloader | dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f | Triage

Submit
Reports

Overview

overview

Static

static

7

dc98a0ec2b...3f.exe

windows7-x64

dc98a0ec2b...3f.exe

windows10-2004-x64

7

Sharing

General

Target

dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f
Size

1.5MB
Sample

220718-rj5k8afbcj
MD5

5196065aed6cdfaaa32ddcc40bcae9c3
SHA1

e03659dcd60b1b79532c6a23e0e1eaeb37a35cea
SHA256

dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f
SHA512

93b363b18745586d650d8fb1ee989ec83741e304758befc3734fc35b0c50e991ed9bd7145620c745afa989ea277a1f5c39565e85532f79cf1ae27525951661bc

Score

10^/10

modiloader evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f.exe

Resource

win7-20220718-en

modiloader evasion themida trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f.exe

Resource

win10v2004-20220718-en

evasion themida

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f
- Size
  
  1.5MB
- MD5
  
  5196065aed6cdfaaa32ddcc40bcae9c3
- SHA1
  
  e03659dcd60b1b79532c6a23e0e1eaeb37a35cea
- SHA256
  
  dc98a0ec2bd10d57e6cac8a065ed946a74c4d832b3c9116cf9c9813c0625be3f
- SHA512
  
  93b363b18745586d650d8fb1ee989ec83741e304758befc3734fc35b0c50e991ed9bd7145620c745afa989ea277a1f5c39565e85532f79cf1ae27525951661bc
Score

10^/10

modiloader evasion themida trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionthemidatrojan

behavioral2

© 2018-2024

Terms | Privacy