modiloader | 4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7 | Triage

Submit
Reports

Overview

overview

Static

static

4f62bc0a78...e7.exe

windows7-x64

4f62bc0a78...e7.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7
Size

431KB
Sample

221001-2qjbnsbhbq
MD5

6d08c56a6603c26396f06a90c99c0c15
SHA1

5145f99ac3eebecc6fd11e34b5965ed2e1ae930c
SHA256

4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7
SHA512

187439ccd4217b01ff92c7ffb0b4bb8a8116ca9a33de55ad28b6cfae4be521f8ce434bf5f5f488f51d1bc32e6f6c198237e67765c1d85b4b77695bb25470c401
SSDEEP

12288:ma/2anFpagJtRoqt2oFDGcHGjeskqkjQG:ma/tnGQt2oFDG95kL

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7.exe

Resource

win10v2004-20220812-en

modiloader trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7
- Size
  
  431KB
- MD5
  
  6d08c56a6603c26396f06a90c99c0c15
- SHA1
  
  5145f99ac3eebecc6fd11e34b5965ed2e1ae930c
- SHA256
  
  4f62bc0a78728dc3d6d35cdf6771c1407185700f4235768ca32941d3ed4ed5e7
- SHA512
  
  187439ccd4217b01ff92c7ffb0b4bb8a8116ca9a33de55ad28b6cfae4be521f8ce434bf5f5f488f51d1bc32e6f6c198237e67765c1d85b4b77695bb25470c401
- SSDEEP
  
  12288:ma/2anFpagJtRoqt2oFDGcHGjeskqkjQG:ma/tnGQt2oFDG95kL
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2025

Terms | Privacy