modiloader | 5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34 | Triage

Submit
Reports

Overview

overview

Static

static

5166c07160...34.exe

windows7-x64

5166c07160...34.exe

windows10-2004-x64

Sharing

General

Target

5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34
Size

614KB
Sample

221004-a4tk1sedem
MD5

64c4b060401081eb18598792c6cab6b9
SHA1

ff1ee61e848a5ae6ae3e7c34bd5c7ae7ed965dab
SHA256

5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34
SHA512

11730fd2df071641c1554a3e0f48e5784bec89f2d00216565fe3c966d40c562429563921bae38d422c9be63ba3c045fc17492dd2f908cdfd0fd82a0849fe9c0a
SSDEEP

12288:iutrzh9xOXkyPaZf7eClizFGi4bOM/aKjhSVaiknpeOzR/0Oqvr0FJUL+LNinxg:iutr5OUyP0zeAAFG9H/aiSVaTpeYhzqW

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34.exe

Resource

win10v2004-20220812-en

modiloader trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34
- Size
  
  614KB
- MD5
  
  64c4b060401081eb18598792c6cab6b9
- SHA1
  
  ff1ee61e848a5ae6ae3e7c34bd5c7ae7ed965dab
- SHA256
  
  5166c071608a077ab1fa6d6c7c69f150072603fe33a7dca4558b8945842f0e34
- SHA512
  
  11730fd2df071641c1554a3e0f48e5784bec89f2d00216565fe3c966d40c562429563921bae38d422c9be63ba3c045fc17492dd2f908cdfd0fd82a0849fe9c0a
- SSDEEP
  
  12288:iutrzh9xOXkyPaZf7eClizFGi4bOM/aKjhSVaiknpeOzR/0Oqvr0FJUL+LNinxg:iutr5OUyP0zeAAFG9H/aiSVaTpeYhzqW
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2025

Terms | Privacy