modiloader | 8ea72282f7dfbac5825559640cded147ed27ed8f67063dd3ecddc539d6072a69

Analysis

max time kernel
132s
max time network
148s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 02:56

Target

79dc1b8c0216ce79dbe0988cfb968671.exe
Size

769KB
MD5

79dc1b8c0216ce79dbe0988cfb968671
SHA1

58a1e4297a9a9db1bb8e1f3874d139b18e633f96
SHA256

8ea72282f7dfbac5825559640cded147ed27ed8f67063dd3ecddc539d6072a69
SHA512

4f745a825bf8614ba94432e999b6f2679b6e020e1ffa93ff802b03b76224a606a95e9be34cc4665fc8799efe99cb4b3893ed6fe8f94b8572b693b9c5ea40991c
SSDEEP

12288:hCUL5e5qQvVHmVo+R0OXL4r70eYt8JyynITtsUXNvxwUxLfHazzJrN:s45INvVGVoU0OXLPxMyyIuqPB

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1600-55-0x00000000002A0000-0x00000000002CB000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\79dc1b8c0216ce79dbe0988cfb968671.exe
"C:\Users\Admin\AppData\Local\Temp\79dc1b8c0216ce79dbe0988cfb968671.exe"
1⤵
PID:1600

memory/1600-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1600-55-0x00000000002A0000-0x00000000002CB000-memory.dmp

Filesize
172KB

Download