modiloader | dcac7c0a08250b164343c102ef9d863a49c44343c6ce3e0cd1197cb7e3198937

Analysis

max time kernel
132s
max time network
145s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-11-2022 18:01

Target

cb05257018c4a1b95845ec2a3e595878.exe
Size

769KB
MD5

cb05257018c4a1b95845ec2a3e595878
SHA1

94348a7a26c0414b9f58225aba75b64697dd5f86
SHA256

dcac7c0a08250b164343c102ef9d863a49c44343c6ce3e0cd1197cb7e3198937
SHA512

e3bd091e5c3a8798013d55a28016497eec635f32d17583f18b18730d6182fa4cce8f72e1bc78a10315908851c20ba5e3ac0b81dc7f0c0f8fb28e11b7ceb0f4d2
SSDEEP

12288:hCUL5e5qQvVHmVo+R0OXL4r70eYt8JyynITtsUXyvxwUxLfHazzJrN:s45INvVGVoU0OXLPxMyyIuVPB

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/832-55-0x00000000004F0000-0x000000000051B000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\cb05257018c4a1b95845ec2a3e595878.exe
"C:\Users\Admin\AppData\Local\Temp\cb05257018c4a1b95845ec2a3e595878.exe"
1⤵
PID:832

memory/832-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/832-55-0x00000000004F0000-0x000000000051B000-memory.dmp

Filesize
172KB

Download