modiloader | 287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a | Triage

Submit
Reports

Overview

overview

Static

static

287fb833d1...9a.exe

windows7-x64

287fb833d1...9a.exe

windows10-2004-x64

Sharing

General

Target

287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a
Size

137KB
Sample

221003-3j5f1acda3
MD5

63db82e91b3204033c4e8caef9e8a6cb
SHA1

ff9a173c73deea123031bf0cec649b75cef49c1f
SHA256

287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a
SHA512

eef67489b79632af700974a434d4c677bfc9adfccd586b31af20535d4bfd2b3031bd5fa406746d4b78b96b19838d32ed180334a0fca80fb690f851b51be1c94b
SSDEEP

3072:NAFwoTQwc3yJI2EnfOJyF64HgqjYZJKw3y109LEVKV7EG:NPoMF3J2EbjAqjYJKr0lcK7

Score

10^/10

modiloader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a.exe

Resource

win7-20220901-en

modiloader persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a.exe

Resource

win10v2004-20220812-en

modiloader persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a
- Size
  
  137KB
- MD5
  
  63db82e91b3204033c4e8caef9e8a6cb
- SHA1
  
  ff9a173c73deea123031bf0cec649b75cef49c1f
- SHA256
  
  287fb833d1315f8abda3ee0904bdc50ae4c653ba3bf6e3e1f34381ef49fc289a
- SHA512
  
  eef67489b79632af700974a434d4c677bfc9adfccd586b31af20535d4bfd2b3031bd5fa406746d4b78b96b19838d32ed180334a0fca80fb690f851b51be1c94b
- SSDEEP
  
  3072:NAFwoTQwc3yJI2EnfOJyF64HgqjYZJKw3y109LEVKV7EG:NPoMF3J2EbjAqjYJKr0lcK7
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy