modiloader | 132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72 | Triage

Submit
Reports

Overview

overview

Static

static

132841b64f...72.exe

windows7-x64

132841b64f...72.exe

windows10-2004-x64

Sharing

General

Target

132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72
Size

60KB
Sample

221126-cncnnshc7x
MD5

e578f6084191f2ff74950a631d8f7282
SHA1

f932dac9045a56b455e2aafd8bb47a6375abfa2b
SHA256

132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72
SHA512

9c40182d4c92f05374d3305e693998d28d2b05eadf50b6e3f4aa61f9a3e584417e05cab52c15dd2758dda7a8e8dd3bd9e70a44d73309862ab3a8fd42d58cb21e
SSDEEP

1536:5n4a/BelCxk1d2kSQkk3xVmlQir1FlRi:zp4djOkhVwPvlQ

Score

10^/10

modiloader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72.exe

Resource

win7-20221111-en

modiloader persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72.exe

Resource

win10v2004-20221111-en

modiloader persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72
- Size
  
  60KB
- MD5
  
  e578f6084191f2ff74950a631d8f7282
- SHA1
  
  f932dac9045a56b455e2aafd8bb47a6375abfa2b
- SHA256
  
  132841b64fb904fe2adfd2c0db18b5e2a095fc84947463c2bc156efb9cb3ac72
- SHA512
  
  9c40182d4c92f05374d3305e693998d28d2b05eadf50b6e3f4aa61f9a3e584417e05cab52c15dd2758dda7a8e8dd3bd9e70a44d73309862ab3a8fd42d58cb21e
- SSDEEP
  
  1536:5n4a/BelCxk1d2kSQkk3xVmlQir1FlRi:zp4djOkhVwPvlQ
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy