modiloader | 25293848f280e7c411e41b50f30e780388fbff268cdfb5d230fda45fbc911b6b

Analysis

max time kernel
142s
max time network
150s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-08-2022 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d06e702cc1663f928525b277c7271d2.exe
Size

958KB
MD5

6d06e702cc1663f928525b277c7271d2
SHA1

9f4978bad5e505fdf91c2c1c8935f6d2f83b53ac
SHA256

25293848f280e7c411e41b50f30e780388fbff268cdfb5d230fda45fbc911b6b
SHA512

7724cf8c048434eb390e1ca88bde4f030d143b9e7713706bb080681dd751ad105abdc5c76c79ca24ffa65ffca98c4dd9442df57ffc92c76027f8bc08137caa6a
SSDEEP

24576:MrTz0kNGlNCc5Ftkku4nzSrSdN40JIyE9WDvk:MrT4LN9Ftkku4nzSrSdmWbaW

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 46 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1612-57-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-59-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-58-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-60-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-61-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-62-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-63-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-64-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-65-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-66-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-67-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-68-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-69-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-70-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-71-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-72-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-73-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-74-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-75-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-76-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-77-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-78-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-79-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-80-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-81-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-82-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-83-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-84-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-85-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-86-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-87-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-88-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-89-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-90-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-91-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-92-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-93-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-94-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-95-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-96-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-97-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-98-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-99-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-100-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-101-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2
behavioral1/memory/1612-102-0x00000000031A0000-0x00000000031F6000-memory.dmp	modiloader_stage2

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\6d06e702cc1663f928525b277c7271d2.exe
"C:\Users\Admin\AppData\Local\Temp\6d06e702cc1663f928525b277c7271d2.exe"
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1612-57-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-59-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-58-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-60-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-61-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-62-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-63-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-64-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-65-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-66-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-67-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-68-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-69-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-70-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-71-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-72-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-73-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-74-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-75-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-76-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-77-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-78-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-79-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-80-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-81-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-82-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-83-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-84-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-85-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-86-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-87-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-88-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-89-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-90-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-91-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-92-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-93-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-94-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-95-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-96-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-97-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-98-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-99-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-100-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-101-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download
memory/1612-102-0x00000000031A0000-0x00000000031F6000-memory.dmp

Filesize
344KB

Download