modiloader | 925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c | Triage

Submit
Reports

Overview

overview

Static

static

8

925fffa0c1...7c.exe

windows7-x64

925fffa0c1...7c.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c
Size

136KB
Sample

221011-k1zb7sfdgr
MD5

647e0a210ada00954782b8c8391c8156
SHA1

0d3881b7989f2ac3673d2d42b8d1170b83d0aca6
SHA256

925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c
SHA512

12f3fa903769e8e844864726e80ee97a57beb791b74afbe2cb5ca82a114697740d86d11820813a3b8bd460da249a6ace91da8d8e553d8b651518cb522c0f7910
SSDEEP

3072:Roy8j7VnNdrPHaSekwi+mWXaMKcE7outno9c6:h8jZ7rvaU3+mWXlKcE7oSo

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c.exe

Resource

win7-20220901-en

modiloader evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c.exe

Resource

win10v2004-20220901-en

modiloader evasion persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c
- Size
  
  136KB
- MD5
  
  647e0a210ada00954782b8c8391c8156
- SHA1
  
  0d3881b7989f2ac3673d2d42b8d1170b83d0aca6
- SHA256
  
  925fffa0c13ed3c979cee65ed15e17156e8dac45d1778ff61ff43775a063c07c
- SHA512
  
  12f3fa903769e8e844864726e80ee97a57beb791b74afbe2cb5ca82a114697740d86d11820813a3b8bd460da249a6ace91da8d8e553d8b651518cb522c0f7910
- SSDEEP
  
  3072:Roy8j7VnNdrPHaSekwi+mWXaMKcE7outno9c6:h8jZ7rvaU3+mWXlKcE7oSo
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy