modiloader | 261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23 | Triage

Submit
Reports

Overview

overview

Static

static

8

261221fab9...23.exe

windows7-x64

261221fab9...23.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23
Size

111KB
Sample

221011-k17zcafcf2
MD5

07efb4dee91829ce738e560f04ead0ce
SHA1

977f8476fd3dc3d9c3edad7df2f82691b4cc4839
SHA256

261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23
SHA512

b55d9e3e3298398dbd2a5a88c000afd38877846d6a612209d7993a95afc6159646028d0ec6e6b49fbfc55395ff02066403aafe71aefde1cd5308eb148a498f73
SSDEEP

3072:Ooy8j7VnNdrPHaSekwi+mW+23ei4TH1SNqhout:u8jZ7rvaU3+mWrK8whoS

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23
- Size
  
  111KB
- MD5
  
  07efb4dee91829ce738e560f04ead0ce
- SHA1
  
  977f8476fd3dc3d9c3edad7df2f82691b4cc4839
- SHA256
  
  261221fab98faeb90fa553cbe07b8ca3ce523b45745f417494328b50b652ea23
- SHA512
  
  b55d9e3e3298398dbd2a5a88c000afd38877846d6a612209d7993a95afc6159646028d0ec6e6b49fbfc55395ff02066403aafe71aefde1cd5308eb148a498f73
- SSDEEP
  
  3072:Ooy8j7VnNdrPHaSekwi+mW+23ei4TH1SNqhout:u8jZ7rvaU3+mWrK8whoS
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy