modiloader | 25293848f280e7c411e41b50f30e780388fbff268cdfb5d230fda45fbc911b6b

General

Target

6d06e702cc1663f928525b277c7271d2.exe
Size

958KB
MD5

6d06e702cc1663f928525b277c7271d2
SHA1

9f4978bad5e505fdf91c2c1c8935f6d2f83b53ac
SHA256

25293848f280e7c411e41b50f30e780388fbff268cdfb5d230fda45fbc911b6b
SHA512

7724cf8c048434eb390e1ca88bde4f030d143b9e7713706bb080681dd751ad105abdc5c76c79ca24ffa65ffca98c4dd9442df57ffc92c76027f8bc08137caa6a
SSDEEP

24576:MrTz0kNGlNCc5Ftkku4nzSrSdN40JIyE9WDvk:MrT4LN9Ftkku4nzSrSdmWbaW

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 46 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1612-57-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-59-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-58-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-60-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-61-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-62-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-63-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-64-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-65-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-66-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-67-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-68-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-69-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-70-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-71-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-72-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-73-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-74-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-75-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-76-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-77-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-78-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-79-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-80-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-81-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-82-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-83-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-84-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-85-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-86-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-87-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-88-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-89-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-90-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-91-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-92-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-93-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-94-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-95-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-96-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-97-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-98-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-99-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-100-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-101-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-102-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6d06e702cc1663f928525b277c7271d2.exe
"C:\Users\Admin\AppData\Local\Temp\6d06e702cc1663f928525b277c7271d2.exe"
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1612-57-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-59-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-58-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-60-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-61-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-62-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-63-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-64-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-65-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-66-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-67-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-68-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-69-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-70-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-71-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-72-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-73-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-74-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-75-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-76-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-77-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-78-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-79-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-80-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-81-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-82-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-83-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-84-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-85-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-86-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-87-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-88-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-89-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-90-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-91-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-92-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-93-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-94-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-95-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-96-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-97-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-98-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-99-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-100-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-101-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-102-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download

Analysis

Sharing