modiloader | 147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed | Triage

Submit
Reports

Overview

overview

Static

static

147738aa52...ed.exe

windows7-x64

147738aa52...ed.exe

windows10-2004-x64

3

Sharing

General

Target

147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed
Size

1.9MB
Sample

221126-apj32acd81
MD5

af82addd1d1d2b1b5cad2862cb827471
SHA1

40fea100a33ce5e2f41c6ee7494d8cad1b550d9b
SHA256

147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed
SHA512

09425789e76bef72e4e222497718720ed84771b4a1e2ee90cb2640ad98e81fc8f22e1affce04bf99c196dbf7bde86e1afc56d14b34a84381d3a878cfc6f87797
SSDEEP

49152:Ie3gzRpBN39G5toSNFWAOYs577zQH75DQ32FcK7Rq/U2IU2Q:9gzRd39GA2FmJwV5qbc2iQ

Score

10^/10

modiloader aspackv2 persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed.exe

Resource

win7-20220812-en

modiloader aspackv2 persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed
- Size
  
  1.9MB
- MD5
  
  af82addd1d1d2b1b5cad2862cb827471
- SHA1
  
  40fea100a33ce5e2f41c6ee7494d8cad1b550d9b
- SHA256
  
  147738aa525274680892e5ee1e04e01416d96a952bfee0a78397f841470c1eed
- SHA512
  
  09425789e76bef72e4e222497718720ed84771b4a1e2ee90cb2640ad98e81fc8f22e1affce04bf99c196dbf7bde86e1afc56d14b34a84381d3a878cfc6f87797
- SSDEEP
  
  49152:Ie3gzRpBN39G5toSNFWAOYs577zQH75DQ32FcK7Rq/U2IU2Q:9gzRd39GA2FmJwV5qbc2iQ
Score

10^/10

modiloader aspackv2 persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderaspackv2persistencetrojan

behavioral2

© 2018-2024

Terms | Privacy