modiloader | d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a | Triage

Submit
Reports

Overview

overview

Static

static

d03ca3302d...6a.rtf

windows7-x64

d03ca3302d...6a.rtf

windows10-2004-x64

1

Sharing

General

Target

d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a.doc
Size

16KB
Sample

221017-ksqp4abbf6
MD5

0e00253e7a976060b3218801f6497847
SHA1

773927e12c5ebe72198fd2213bdbea586fdaabf8
SHA256

d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a
SHA512

e4af9738208e25b6ff8c10e9fe0196a114a534f7d055b14828837b1e866bbaae32db2b7c5616b2f0c95c85166bb17668401383e2a57aace7518da98277b47b43
SSDEEP

192:E7EJ1JffCA+iB6S5JLuhhN5zLBjHk2yd8iiz8nYmix4V4KirP3wM9JLnsl7lpREE:EjiB6PWLiz8n9iiV+rPp9JLnEBjF

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a.rtf

Resource

win7-20220812-en

modiloader trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a.doc
- Size
  
  16KB
- MD5
  
  0e00253e7a976060b3218801f6497847
- SHA1
  
  773927e12c5ebe72198fd2213bdbea586fdaabf8
- SHA256
  
  d03ca3302de98d854b3f294cd74b43b93870704a26baacce7f3f5bddf1ff056a
- SHA512
  
  e4af9738208e25b6ff8c10e9fe0196a114a534f7d055b14828837b1e866bbaae32db2b7c5616b2f0c95c85166bb17668401383e2a57aace7518da98277b47b43
- SSDEEP
  
  192:E7EJ1JffCA+iB6S5JLuhhN5zLBjHk2yd8iiz8nYmix4V4KirP3wM9JLnsl7lpREE:EjiB6PWLiz8n9iiV+rPp9JLnEBjF
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

© 2018-2025

Terms | Privacy