modiloader | 45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48 | Triage

Submit
Reports

Overview

overview

Static

static

45ab162f36...48.exe

windows7-x64

45ab162f36...48.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48
Size

492KB
Sample

221003-jdqwwaddc9
MD5

06b4cb2438b99e1cdd837f36d03255e6
SHA1

a2f3f07dabded586694898b89cb4da73d9557208
SHA256

45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48
SHA512

b37744b68034438ba0556f510a6442f1a116db03976993cdda91813c442d24f93ba81c994e124fb9feac555221078564aff3c0f837c6d9f8b56af20937fa803c
SSDEEP

12288:ejuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:esUNl6yD2KXYWzj3rZQFz

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48
- Size
  
  492KB
- MD5
  
  06b4cb2438b99e1cdd837f36d03255e6
- SHA1
  
  a2f3f07dabded586694898b89cb4da73d9557208
- SHA256
  
  45ab162f365a4f944c0fd4a21adc842d3f5124c2694b76b684dce270cbc26a48
- SHA512
  
  b37744b68034438ba0556f510a6442f1a116db03976993cdda91813c442d24f93ba81c994e124fb9feac555221078564aff3c0f837c6d9f8b56af20937fa803c
- SSDEEP
  
  12288:ejuTkMa586N2rAs3e3D35UQpXyjWz8iu6pqXALLbr2U7QFxyzw:esUNl6yD2KXYWzj3rZQFz
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2025

Terms | Privacy