modiloader | 24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f | Triage

Submit
Reports

Overview

overview

Static

static

24b936fee4...6f.exe

windows7-x64

24b936fee4...6f.exe

windows10-2004-x64

Sharing

General

Target

24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f
Size

844KB
Sample

221011-decgzsbhgl
MD5

61a23dbb6dd7a8199682e0d71de1dd7d
SHA1

c287ed4faf8cf6b12a227b3adccf4d34af184800
SHA256

24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f
SHA512

025ae286d36c3974890c90536b33b4ff67b29194e331239035c461180ca73f61dfb998b716aa478835b0c4a133522c23d419d22ecad34d9ff37cd5bb3b5d60c2
SSDEEP

24576:fvX0CqJm7lpD2KXQztsFvKlH0jmr5WisTzjle5U5TIDV+DwLQk9Qd:3X05Jm7sAKF0GELm8IDVGqQV

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f
- Size
  
  844KB
- MD5
  
  61a23dbb6dd7a8199682e0d71de1dd7d
- SHA1
  
  c287ed4faf8cf6b12a227b3adccf4d34af184800
- SHA256
  
  24b936fee46ed863b96a89990e40964480881580d28f2a0e3c6e52a3ecde776f
- SHA512
  
  025ae286d36c3974890c90536b33b4ff67b29194e331239035c461180ca73f61dfb998b716aa478835b0c4a133522c23d419d22ecad34d9ff37cd5bb3b5d60c2
- SSDEEP
  
  24576:fvX0CqJm7lpD2KXQztsFvKlH0jmr5WisTzjle5U5TIDV+DwLQk9Qd:3X05Jm7sAKF0GELm8IDVGqQV
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2025

Terms | Privacy