modiloader | 7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80 | Triage

Submit
Reports

Overview

overview

Static

static

7438e8bc6c...80.exe

windows7-x64

7438e8bc6c...80.exe

windows10-2004-x64

Sharing

General

Target

7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
Size

719KB
Sample

221123-xelv7seg49
MD5

5570f797cf9f931942975f8de5c2e6cd
SHA1

e7c17be2bd250bbfa925fc1c7446b80b08e88e08
SHA256

7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
SHA512

c4694fca3cb9c8a6bbcd2cb8a52304e9f74cb91b9a74f7d6be77be5965ee77788e89e537e03eebc5865fe3313ce5c7697133873ef95afa72c19f8a797e863142
SSDEEP

12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeKlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GLX4bEmCb+rRvZ/X

Score

10^/10

modiloader bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80.exe

Resource

win7-20220812-en

modiloader bootkit evasion persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80.exe

Resource

win10v2004-20221111-en

modiloader bootkit persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
- Size
  
  719KB
- MD5
  
  5570f797cf9f931942975f8de5c2e6cd
- SHA1
  
  e7c17be2bd250bbfa925fc1c7446b80b08e88e08
- SHA256
  
  7438e8bc6c673899bb69e10b72d9bad9ae78267ec4722a8ad7f55c8dc4ac6b80
- SHA512
  
  c4694fca3cb9c8a6bbcd2cb8a52304e9f74cb91b9a74f7d6be77be5965ee77788e89e537e03eebc5865fe3313ce5c7697133873ef95afa72c19f8a797e863142
- SSDEEP
  
  12288:6XgPVmsO7H+JeYkZQors8sEyMGXxeKlX4EEPSwDfAmgBJbf8AwnBrRm8dZ/X:AoZ3J78GLX4bEmCb+rRvZ/X
Score

10^/10

modiloader bootkit evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ModiLoader Second Stage
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Process Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderbootkitevasionpersistencetrojan

behavioral2

modiloaderbootkitpersistencetrojan

© 2018-2024

Terms | Privacy