modiloader | 0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3 | Triage

Submit
Reports

Overview

overview

Static

static

0e5f31e5e6...b3.exe

windows7-x64

0e5f31e5e6...b3.exe

windows10-2004-x64

Sharing

General

Target

0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3
Size

2.2MB
Sample

221125-lqt56sgf75
MD5

0f018f32f0af9c878fdbffa381005100
SHA1

c8d8a423e635777fa5bc73b029414612a26869c7
SHA256

0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3
SHA512

f027d936554a245f21f7b10a374ff0442876ed277d0acb0e6af662b4c6c2269015a149943a95fb1dcce79ec4ebc5ba06b3cc8ae1d5c86ae079b77dd6573ad6cf
SSDEEP

49152:HpMRn2NcS7PE5pkKDGKffsAwLkTYMeIEj:HpMR2NJCffsAwgTYMFEj

Score

10^/10

modiloader bootkit persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3.exe

Resource

win7-20220812-en

modiloader bootkit persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3.exe

Resource

win10v2004-20220812-en

modiloader persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3
- Size
  
  2.2MB
- MD5
  
  0f018f32f0af9c878fdbffa381005100
- SHA1
  
  c8d8a423e635777fa5bc73b029414612a26869c7
- SHA256
  
  0e5f31e5e621d8fe3893e39e13a26698339226998c1d77c0682421956b64bfb3
- SHA512
  
  f027d936554a245f21f7b10a374ff0442876ed277d0acb0e6af662b4c6c2269015a149943a95fb1dcce79ec4ebc5ba06b3cc8ae1d5c86ae079b77dd6573ad6cf
- SSDEEP
  
  49152:HpMRn2NcS7PE5pkKDGKffsAwLkTYMeIEj:HpMR2NJCffsAwgTYMFEj
Score

10^/10

modiloader bootkit persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderbootkitpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy