modiloader | 8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e | Triage

Submit
Reports

Overview

overview

Static

static

8c4a22f487...5e.exe

windows7-x64

8c4a22f487...5e.exe

windows10-2004-x64

Sharing

General

Target

8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
Size

299KB
Sample

221003-z1q36affb3
MD5

3afec8ce8d988162c77f47f769f657b8
SHA1

5bef1b2ce5ef119884381f7bcff7860b60dcc048
SHA256

8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
SHA512

b6af0eed4ec7b17edf2ec0b79bcc89a0e923a3ef88b7ccab63ed661cd9f8fa2774d385dbc84c858295e2733306848662e60b79356223d8d98d1c11aae9bb9e0c
SSDEEP

6144:AuCeBGw82i4MaCqCGlGfr/9t7HVJrmxF3eTd6fWqiog1Mp1JJ52Q5kd:OeBGv2i4MtBGlGbP7HViYTuioec2oY

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e.exe

Resource

win10v2004-20220812-en

modiloader trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
- Size
  
  299KB
- MD5
  
  3afec8ce8d988162c77f47f769f657b8
- SHA1
  
  5bef1b2ce5ef119884381f7bcff7860b60dcc048
- SHA256
  
  8c4a22f48726a955f88f52a56ce34a5e3ea82e36d641cc7cc1c0dd097845cb5e
- SHA512
  
  b6af0eed4ec7b17edf2ec0b79bcc89a0e923a3ef88b7ccab63ed661cd9f8fa2774d385dbc84c858295e2733306848662e60b79356223d8d98d1c11aae9bb9e0c
- SSDEEP
  
  6144:AuCeBGw82i4MaCqCGlGfr/9t7HVJrmxF3eTd6fWqiog1Mp1JJ52Q5kd:OeBGv2i4MtBGlGbP7HViYTuioec2oY
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy