modiloader | b061bbe895ab062043d4980e755eea721d5c5a4a666e989d964f1890d53b7af1 | Triage

Submit
Reports

Overview

overview

Static

static

document_office.rtf

windows7-x64

document_office.rtf

windows10-2004-x64

1

Sharing

General

Target

document_office.doc
Size

24KB
Sample

220802-mg3xdsfacl
MD5

8fba73bedafdacd14bc5f9a24fbd2876
SHA1

66344cc6bd38fcd883bbda4aafe31293c53eb6ea
SHA256

b061bbe895ab062043d4980e755eea721d5c5a4a666e989d964f1890d53b7af1
SHA512

6babf1b5d57dcd80aad70dafad53c0b1f5189a276a354d117548138774c8b94c1bf09cddc14bf6a62d6e0679b0311c6c86a22959cc11fd9e85afcc8335e6d2b7

Score

10^/10

modiloader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

document_office.rtf

Resource

win7-20220715-en

modiloader persistence trojan

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

document_office.rtf

Resource

win10v2004-20220722-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  document_office.doc
- Size
  
  24KB
- MD5
  
  8fba73bedafdacd14bc5f9a24fbd2876
- SHA1
  
  66344cc6bd38fcd883bbda4aafe31293c53eb6ea
- SHA256
  
  b061bbe895ab062043d4980e755eea721d5c5a4a666e989d964f1890d53b7af1
- SHA512
  
  6babf1b5d57dcd80aad70dafad53c0b1f5189a276a354d117548138774c8b94c1bf09cddc14bf6a62d6e0679b0311c6c86a22959cc11fd9e85afcc8335e6d2b7
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy