modiloader | 8d63e6f9a0eef5a31e2518a8028af0c9e0d518b5c5493eeed6b673534b537f70 | Triage

Sharing

General

Target

8d63e6f9a0eef5a31e2518a8028af0c9e0d518b5c5493eeed6b673534b537f70
Size

203KB
Sample

221004-dset9sadej
MD5

6b3358be20fd33a50824a5ec91212879
SHA1

f384bf2e2f1c2a5ef5aad9b127483a75d4519a6b
SHA256

8d63e6f9a0eef5a31e2518a8028af0c9e0d518b5c5493eeed6b673534b537f70
SHA512

12d9854b8c890797d17284bd289b29a97838eb0e927f60c109eb9d89aa70c2698b96ba16cb556556b4043023c1ff15e96d0b960779ff64f16265054d935f0113
SSDEEP

6144:E64DnLGwnvAlQKs8BbP2BfGP7SF9AuTCSh9Ewjw:TeFv0QK5P2BfGeX7Xrjw

Score

10^/10

modiloader evasion persistence

Malware Config

Targets

- Target
  
  8d63e6f9a0eef5a31e2518a8028af0c9e0d518b5c5493eeed6b673534b537f70
- Size
  
  203KB
- MD5
  
  6b3358be20fd33a50824a5ec91212879
- SHA1
  
  f384bf2e2f1c2a5ef5aad9b127483a75d4519a6b
- SHA256
  
  8d63e6f9a0eef5a31e2518a8028af0c9e0d518b5c5493eeed6b673534b537f70
- SHA512
  
  12d9854b8c890797d17284bd289b29a97838eb0e927f60c109eb9d89aa70c2698b96ba16cb556556b4043023c1ff15e96d0b960779ff64f16265054d935f0113
- SSDEEP
  
  6144:E64DnLGwnvAlQKs8BbP2BfGP7SF9AuTCSh9Ewjw:TeFv0QK5P2BfGeX7Xrjw
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence