modiloader | 199ce03479e486efa6a1e506aad5985cd11476f85add613795566abd397b97f7

General

Target

199ce03479e486efa6a1e506aad5985cd11476f85add613795566abd397b97f7
Size

482KB
Sample

221123-sz3x1afg4v
MD5

9af8edf2029f46a846751f456ed19c4c
SHA1

44ac0e9da1eedc31a0fcb7feb25c66f7a1305a47
SHA256

199ce03479e486efa6a1e506aad5985cd11476f85add613795566abd397b97f7
SHA512

592cb88c02fe4fd27daa52bfa3c8f460f764e34e35fd693328dbad08a01f63a37e4d19fb6dc4c50b5ac3b4ca5a18866a6c4f640c5e958ffe0fc7f830f0c81e23
SSDEEP

12288:v6Wq4aaE6KwyF5L0Y2D1PqL4qWxZPYObm4S2BpRzn9lxZr:tthEVaPqL4qWxlNVZfzn9h

Score

10^/10

Malware Config

Targets

- Target
  
  199ce03479e486efa6a1e506aad5985cd11476f85add613795566abd397b97f7
- Size
  
  482KB
- MD5
  
  9af8edf2029f46a846751f456ed19c4c
- SHA1
  
  44ac0e9da1eedc31a0fcb7feb25c66f7a1305a47
- SHA256
  
  199ce03479e486efa6a1e506aad5985cd11476f85add613795566abd397b97f7
- SHA512
  
  592cb88c02fe4fd27daa52bfa3c8f460f764e34e35fd693328dbad08a01f63a37e4d19fb6dc4c50b5ac3b4ca5a18866a6c4f640c5e958ffe0fc7f830f0c81e23
- SSDEEP
  
  12288:v6Wq4aaE6KwyF5L0Y2D1PqL4qWxZPYObm4S2BpRzn9lxZr:tthEVaPqL4qWxlNVZfzn9h
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2