modiloader | 0f11963df60499e24225a2c8485e1cf4a66f6acc27b01b3b2d637e38ba8b11fb | Triage

Analysis

max time kernel
552s
max time network
603s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/10/2022, 02:34

Sharing

Report Analysis Logs

General

Target

msg001,pdf.scr
Size

758KB
MD5

08d9f18957526057d90aa7d229b2e027
SHA1

a65e786f886c1701ae858d6dec0d9714683c9bf9
SHA256

0f11963df60499e24225a2c8485e1cf4a66f6acc27b01b3b2d637e38ba8b11fb
SHA512

81ecc746dff24a545389915d82c4998896dcfc208c3cd7c5ebbc7f83a1f090d5c48776509288438b122d43351a1e7756b19f633f03684ad74e5e2d245032e886
SSDEEP

12288:rCUL5e5qQvVHmVo+R0OXL4r70eYt8JyyuITtsUXEvxwUxLfHazzJrR:m45INvVGVoU0OXLPxMyyvuzPBE

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/536-55-0x0000000000290000-0x00000000002BB000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\msg001,pdf.scr
"C:\Users\Admin\AppData\Local\Temp\msg001,pdf.scr" /S
1⤵
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/536-54-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/536-55-0x0000000000290000-0x00000000002BB000-memory.dmp

Filesize
172KB

Download