modiloader | 2094d30dea8b0156041fd371f3c82d0ebbf39ed98ee34613958e6e28ddcbc424 | Triage

Analysis

max time kernel
132s
max time network
147s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/10/2022, 11:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0234122562756152526.exe
Size

748KB
MD5

6b87589f12f3ca7a3dda937761317741
SHA1

15250c59962314684b090c01b5a97f0ebeaeec6b
SHA256

2094d30dea8b0156041fd371f3c82d0ebbf39ed98ee34613958e6e28ddcbc424
SHA512

325b19b0ed38f3bc29d28ec9f7652399bfb6d0ae958ce53c8c7b8ba04c68ce368235a41a8441989cde45c5a960cd462e6ad127c83997862d02ebbf501623d1aa
SSDEEP

12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXqvxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWu5PB

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/1044-55-0x0000000000290000-0x00000000002BB000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\0234122562756152526.exe
"C:\Users\Admin\AppData\Local\Temp\0234122562756152526.exe"
1⤵
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-54-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1044-55-0x0000000000290000-0x00000000002BB000-memory.dmp

Filesize
172KB

Download