modiloader | 825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

825280709d...ce.exe

windows7-x64

825280709d...ce.exe

windows10-2004-x64

Sharing

General

Target

825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce
Size

114KB
Sample

221107-ytx3fsfeb5
MD5

04e0335ba46c6fb87c2e98cf58bafdc6
SHA1

985844b75616173aef12353e05440cf49abeee7a
SHA256

825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce
SHA512

2b2b57e1792335c1cf1a3799755e9cfb837a3542ca4ac888785ba6c40935f49815c79a274f50c0df8f6018737fb9696bb9abf66f6826ec269062c4840a3dcaf7
SSDEEP

3072:Eoy8j7VnNdrPHaSekwi+mWJJlQlDADkLAout6:08jZ7rvaU3+mWJk0DfoS6

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce.exe

Resource

win10v2004-20220901-en

modiloader evasion persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce
- Size
  
  114KB
- MD5
  
  04e0335ba46c6fb87c2e98cf58bafdc6
- SHA1
  
  985844b75616173aef12353e05440cf49abeee7a
- SHA256
  
  825280709d491728cded1f35ec03e8777e73a792ab557695d17a4414504428ce
- SHA512
  
  2b2b57e1792335c1cf1a3799755e9cfb837a3542ca4ac888785ba6c40935f49815c79a274f50c0df8f6018737fb9696bb9abf66f6826ec269062c4840a3dcaf7
- SSDEEP
  
  3072:Eoy8j7VnNdrPHaSekwi+mWJJlQlDADkLAout6:08jZ7rvaU3+mWJk0DfoS6
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy