modiloader | 34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454 | Triage

Submit
Reports

Overview

overview

Static

static

34cbdb4b5e...54.exe

windows7-x64

34cbdb4b5e...54.exe

windows10-2004-x64

Sharing

General

Target

34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454
Size

719KB
Sample

221003-dhkyjaegdm
MD5

6becf844a4fa08cb6c72e5f20f0820ba
SHA1

f2a45b8442f3c8daff48c618e67f50e141bface3
SHA256

34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454
SHA512

35f4d101e782e5b3ff46544fc092bccd143b9ba72975fa126383c2598518ae32505cec16b3018d8fe03dfc3777d705a9b290ffbbe063305fd841eab380b69cda
SSDEEP

12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeFlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GSX4bEmCb+rRvZ/X

Score

10^/10

modiloader bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454.exe

Resource

win7-20220812-en

modiloader bootkit evasion persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454.exe

Resource

win10v2004-20220812-en

modiloader bootkit persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454
- Size
  
  719KB
- MD5
  
  6becf844a4fa08cb6c72e5f20f0820ba
- SHA1
  
  f2a45b8442f3c8daff48c618e67f50e141bface3
- SHA256
  
  34cbdb4b5e7f77e2485e8caf90d7756448cfc5efc9f0623e906b7cbc2f63f454
- SHA512
  
  35f4d101e782e5b3ff46544fc092bccd143b9ba72975fa126383c2598518ae32505cec16b3018d8fe03dfc3777d705a9b290ffbbe063305fd841eab380b69cda
- SSDEEP
  
  12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeFlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GSX4bEmCb+rRvZ/X
Score

10^/10

modiloader bootkit evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ModiLoader Second Stage
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderbootkitevasionpersistencetrojan

behavioral2

modiloaderbootkitpersistencetrojan

© 2018-2024

Terms | Privacy