modiloader | a9ddc02db6ca7df77bc719734f029da5b818604873f0bc7cef9664fdce1e7326 | Triage

Submit
Reports

Overview

overview

Static

static

136633e5ae...d0.exe

windows7-x64

136633e5ae...d0.exe

windows10-2004-x64

Sharing

General

Target

136633e5ae4f13410bac27584c3108d0.exe
Size

37KB
Sample

220930-k7h9kaeacq
MD5

136633e5ae4f13410bac27584c3108d0
SHA1

58c72d9cc3c79877feb6946da1584e448c8791b6
SHA256

a9ddc02db6ca7df77bc719734f029da5b818604873f0bc7cef9664fdce1e7326
SHA512

7c5267a23b2d9bba779dec3465c76df5e3a89f1f933f9644bccce0245b80b03e08db3639d63b90cb440c7e9f45072eea9d95d4815cf5c62668c5f69b17ca8c83
SSDEEP

384:LalqiU154NLHdayszHtyPpzsobO7krAF+rMRTyN/0L+EcoinblneHQM3epzX1Nr9:u/ZdJszHtyxVOIrM+rMRa8NurVt

Score

10^/10

modiloader njrat hacked evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

136633e5ae4f13410bac27584c3108d0.exe

Resource

win7-20220901-en

modiloader evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

136633e5ae4f13410bac27584c3108d0.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

im523

Botnet

HacKed

C2

girls-definitely.at.playit.gg:37677

Mutex

2bc9c3501521d589c5326debb3744676

Attributes

reg_key
2bc9c3501521d589c5326debb3744676
splitter
|'|'|

Targets

- Target
  
  136633e5ae4f13410bac27584c3108d0.exe
- Size
  
  37KB
- MD5
  
  136633e5ae4f13410bac27584c3108d0
- SHA1
  
  58c72d9cc3c79877feb6946da1584e448c8791b6
- SHA256
  
  a9ddc02db6ca7df77bc719734f029da5b818604873f0bc7cef9664fdce1e7326
- SHA512
  
  7c5267a23b2d9bba779dec3465c76df5e3a89f1f933f9644bccce0245b80b03e08db3639d63b90cb440c7e9f45072eea9d95d4815cf5c62668c5f69b17ca8c83
- SSDEEP
  
  384:LalqiU154NLHdayszHtyPpzsobO7krAF+rMRTyN/0L+EcoinblneHQM3epzX1Nr9:u/ZdJszHtyxVOIrM+rMRa8NurVt
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2024

Terms | Privacy