modiloader | 51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec | Triage

Submit
Reports

Overview

overview

Static

static

51a4e8aca1...ec.exe

windows7-x64

51a4e8aca1...ec.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec
Size

260KB
Sample

220919-dj4r2ahean
MD5

34aa6f662092d759b357345a058bde51
SHA1

52cd5060b7e7040dfb6bd650d0a292cc3f80a7ec
SHA256

51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec
SHA512

a1b1d4f640fcdbc1349b0704588ca9ab47bf6aee66744c712f2798cf6135120711b2d8abc5f50ddf4bfb4a96e81df730c4346184cc3e8b1e1edd933e37154031
SSDEEP

3072:DFEr4jgsR1Em5jchp+y2h9ZSd/rSINGZ+Rb4QYHVjgLZFm8ewMtAjns5e7FTV1Eq:DFmCR1qpzaiUlZRjgFnewMtAjn3Gps7

Score

10^/10

modiloader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec.exe

Resource

win7-20220812-en

modiloader persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec.exe

Resource

win10v2004-20220812-en

modiloader persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec
- Size
  
  260KB
- MD5
  
  34aa6f662092d759b357345a058bde51
- SHA1
  
  52cd5060b7e7040dfb6bd650d0a292cc3f80a7ec
- SHA256
  
  51a4e8aca18a943cdbe7bfd95c029f01f6088f92d168b2a266c259756e5757ec
- SHA512
  
  a1b1d4f640fcdbc1349b0704588ca9ab47bf6aee66744c712f2798cf6135120711b2d8abc5f50ddf4bfb4a96e81df730c4346184cc3e8b1e1edd933e37154031
- SSDEEP
  
  3072:DFEr4jgsR1Em5jchp+y2h9ZSd/rSINGZ+Rb4QYHVjgLZFm8ewMtAjns5e7FTV1Eq:DFmCR1qpzaiUlZRjgFnewMtAjn3Gps7
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2025

Terms | Privacy