modiloader | ac95153d7a46449984b704784dc870c7fd9bdb8809fc2e31ff5b5db2d1a53bc9 | Triage

Submit
Reports

Overview

overview

Static

static

SOA 25.07....e.docx

windows7-x64

SOA 25.07....e.docx

windows10-2004-x64

1

Sharing

General

Target

SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
Size

72KB
Sample

220802-lqg6lseffq
MD5

950b9dddb59acefed85130122cff05c7
SHA1

e01b80f4e8ec62c5e24d0f02dedfd64003f18ac3
SHA256

ac95153d7a46449984b704784dc870c7fd9bdb8809fc2e31ff5b5db2d1a53bc9
SHA512

c3efc65a685d2e30346982321a5f452aa178a8a65c5ae7f3102789588cd6a3f6e76fe9e96ac5e2721948ed02b91f1468f8e9b358a2e544db69ae6c782dfed271

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx

Resource

win7-20220715-en

modiloader persistence trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx

Resource

win10v2004-20220721-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  SOA 25.07.2022 - (OUTSTANDING_MARCH Till Date.docx
- Size
  
  72KB
- MD5
  
  950b9dddb59acefed85130122cff05c7
- SHA1
  
  e01b80f4e8ec62c5e24d0f02dedfd64003f18ac3
- SHA256
  
  ac95153d7a46449984b704784dc870c7fd9bdb8809fc2e31ff5b5db2d1a53bc9
- SHA512
  
  c3efc65a685d2e30346982321a5f452aa178a8a65c5ae7f3102789588cd6a3f6e76fe9e96ac5e2721948ed02b91f1468f8e9b358a2e544db69ae6c782dfed271
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy