modiloader | 835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81 | Triage

Submit
Reports

Overview

overview

Static

static

835a652ee8...81.exe

windows7-x64

835a652ee8...81.exe

windows10-2004-x64

Sharing

General

Target

835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81
Size

314KB
Sample

221004-ec8m3sbchp
MD5

494f779566dd1604344b8a9f931bfd8a
SHA1

5811a9dd688dbad8d2abebbe715791fc7086d766
SHA256

835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81
SHA512

9b39e5b1cd230eb0ab05e1786c7b3e3bbff06a3bcf1766b24461ebc08715d3709c4849f4ac69d199f2419d7df3089ff1e1e323b959056327f238a4c5de01a8f5
SSDEEP

6144:F3zDLbUUFEv5QOFaAPck2miZ+8K54S9G4zjOqlL1JGhwAPxU+O7H:eQKaAnDiZ+86E4HOibAbg

Score

10^/10

modiloader evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81.exe

Resource

win7-20220812-en

modiloader evasion trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81.exe

Resource

win10v2004-20220812-en

modiloader evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81
- Size
  
  314KB
- MD5
  
  494f779566dd1604344b8a9f931bfd8a
- SHA1
  
  5811a9dd688dbad8d2abebbe715791fc7086d766
- SHA256
  
  835a652ee8dc0143e2e581550212e8dac8b9cbdd36eef4e0151ebff8053adf81
- SHA512
  
  9b39e5b1cd230eb0ab05e1786c7b3e3bbff06a3bcf1766b24461ebc08715d3709c4849f4ac69d199f2419d7df3089ff1e1e323b959056327f238a4c5de01a8f5
- SSDEEP
  
  6144:F3zDLbUUFEv5QOFaAPck2miZ+8K54S9G4zjOqlL1JGhwAPxU+O7H:eQKaAnDiZ+86E4HOibAbg
Score

10^/10

modiloader evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojan

behavioral2

modiloaderevasiontrojan

© 2018-2024

Terms | Privacy