modiloader | 2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5 | Triage

Submit
Reports

Overview

overview

Static

static

1

2c524177ba...e5.exe

windows7-x64

2c524177ba...e5.exe

windows10-2004-x64

Sharing

General

Target

2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5
Size

83KB
Sample

221124-esaqzsbe7y
MD5

c65d1502c2a9da15dab773785d453867
SHA1

0c0335bb4f95dde6d4c80cab87892558729e1ce6
SHA256

2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5
SHA512

8d84db3ee96bacd3c211e6fdc0a1382c214f0556b5d7dae95822594b3216ce3341742f039f9d2ff9b94202d40f817ab91326aa2a88fe97cf9e8f0b197911df86
SSDEEP

1536:R4UHxpN/MUXsLTvCj0DBXJaOTwWb144+Wa4OvQ5mTGgoGsXxRFzOn5e:R4URpNUUX6z/DBXJfTwWxqvQ5mTFoGsF

Score

10^/10

modiloader persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5.exe

Resource

win7-20221111-en

modiloader persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5.exe

Resource

win10v2004-20220901-en

modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5
- Size
  
  83KB
- MD5
  
  c65d1502c2a9da15dab773785d453867
- SHA1
  
  0c0335bb4f95dde6d4c80cab87892558729e1ce6
- SHA256
  
  2c524177bab88aab2ff8ca596f55295d3aab69a9a2168f6211f33843413ef5e5
- SHA512
  
  8d84db3ee96bacd3c211e6fdc0a1382c214f0556b5d7dae95822594b3216ce3341742f039f9d2ff9b94202d40f817ab91326aa2a88fe97cf9e8f0b197911df86
- SSDEEP
  
  1536:R4UHxpN/MUXsLTvCj0DBXJaOTwWb144+Wa4OvQ5mTGgoGsXxRFzOn5e:R4URpNUUX6z/DBXJfTwWxqvQ5mTFoGsF
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy