modiloader | 773a7b6da3993d34fe9593573317031ac5ae7f66ead9d8b0366274094bbe9c5a | Triage

Submit
Reports

Overview

overview

Static

static

Purchase-O...74.exe

windows7-x64

Purchase-O...74.exe

windows10-2004-x64

Sharing

General

Target

Purchase-Order737883874.exe
Size

996KB
Sample

220803-kgtmlsacbk
MD5

3bebbabe7d62c8cac4f81ad6075a1b98
SHA1

36ecddf9dac8b14220b3669c5061c9e747cf798c
SHA256

773a7b6da3993d34fe9593573317031ac5ae7f66ead9d8b0366274094bbe9c5a
SHA512

fad9b281da8f44d646d53477558c659afe168e13084a4b7aae50a9e84732841543cf1ad526c8f5001354df3fafe3e323a52292e0170591ef7fc9fd4c035b6d5d

Score

10^/10

modiloader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase-Order737883874.exe

Resource

win7-20220715-en

modiloader persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Purchase-Order737883874.exe

Resource

win10v2004-20220721-en

modiloader persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Purchase-Order737883874.exe
- Size
  
  996KB
- MD5
  
  3bebbabe7d62c8cac4f81ad6075a1b98
- SHA1
  
  36ecddf9dac8b14220b3669c5061c9e747cf798c
- SHA256
  
  773a7b6da3993d34fe9593573317031ac5ae7f66ead9d8b0366274094bbe9c5a
- SHA512
  
  fad9b281da8f44d646d53477558c659afe168e13084a4b7aae50a9e84732841543cf1ad526c8f5001354df3fafe3e323a52292e0170591ef7fc9fd4c035b6d5d
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy