modiloader | 8e72fd1c04393264f3bd534f18b8538d043106f892d08631b34bab3aabadbdaa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Krisha Vis...D.docx

windows7-x64

Krisha Vis...D.docx

windows10-2004-x64

1

Sharing

General

Target

267d9801a863aa26a1604e7e6d3a87ea
Size

14KB
Sample

220922-2h95escef6
MD5

267d9801a863aa26a1604e7e6d3a87ea
SHA1

546b6daf0a96503f68d36fb05ab3ebb937b5392d
SHA256

8e72fd1c04393264f3bd534f18b8538d043106f892d08631b34bab3aabadbdaa
SHA512

9fcb65c00df47f24d015a31a93ad0f65535539dc5f1abf38ba3cdb83d39a10807b7be97ce04e07913cfbd90c4b338cacc7b090f091876606c98abc0c8b21749a
SSDEEP

192:HYgD9/Fdq2gDq4IYouAp9WRIDufDfGaaNNMNQ8CfBYHzWwKzsTgfuvpjJZJ:TTqdUsqkvDlaKQSHCwKzs8QjJ/

Score

10^/10

modiloader trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

Krisha Vison-KOL-2223-01180-AMENDED.docx

Resource

win7-20220812-en

modiloader trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

Krisha Vison-KOL-2223-01180-AMENDED.docx

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://1806450055/..---.---------------------.----_----_----_---------______--/......288.doc

Targets

- Target
  
  Krisha Vison-KOL-2223-01180-AMENDED.docx
- Size
  
  10KB
- MD5
  
  05fe20851e6f72d31d6147c937a5da98
- SHA1
  
  be102582e04deebd9c48cc3c75ee07ffb989a3af
- SHA256
  
  d8df07960071358246fa7078c9defe1e1f787303df3c931da89e4b291d61376e
- SHA512
  
  0ff1708c5cd74a0fd49d37eb2935b65a76b7efea1c2b2d9a3e6328522cdc4366cf859dd4ddb995cdcfeb61b948a16cb74769b5cf3121be159fb788d2c6891aab
- SSDEEP
  
  192:ScIMmtPf+CUG/bA3/w2O/wrdlJFmQDZ7rhhap308p:SPXumAO/wjJFmIZfhMFp
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

© 2018-2025

Terms | Privacy