modiloader | 141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634 | Triage

Submit
Reports

Overview

overview

Static

static

141a9ca8fb...34.exe

windows7-x64

141a9ca8fb...34.exe

windows10-2004-x64

Sharing

General

Target

141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634
Size

58KB
Sample

221126-cnd7haea85
MD5

63ec381f7a8599fa9b8dda5186b98b84
SHA1

9d7bc5f1a211cca51107c303010a8b05084ddb4d
SHA256

141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634
SHA512

81a3abb98224f2f7fa255dcb6da2caad2b7947e062842641ba4b8594bf41dc9c538bce293a11a3935dc55804dc26dfacb4caad81e74335c0d1226c5e31f1f06e
SSDEEP

768:d6N1T7WFgtA4hX4dmJMRvhBKn0zXZdzaqHOQhCXZ8k+MYIbXLlCb4O5s1VWI3/7T:MZ7Ry7RvhBK0FIu7sJJtYI/C5WWcTI+

Score

10^/10

modiloader persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634.exe

Resource

win7-20221111-en

modiloader persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634.exe

Resource

win10v2004-20221111-en

modiloader persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634
- Size
  
  58KB
- MD5
  
  63ec381f7a8599fa9b8dda5186b98b84
- SHA1
  
  9d7bc5f1a211cca51107c303010a8b05084ddb4d
- SHA256
  
  141a9ca8fb97638722fe13d93095afe0c2dda80aac51f45d42bedd1447c13634
- SHA512
  
  81a3abb98224f2f7fa255dcb6da2caad2b7947e062842641ba4b8594bf41dc9c538bce293a11a3935dc55804dc26dfacb4caad81e74335c0d1226c5e31f1f06e
- SSDEEP
  
  768:d6N1T7WFgtA4hX4dmJMRvhBKn0zXZdzaqHOQhCXZ8k+MYIbXLlCb4O5s1VWI3/7T:MZ7Ry7RvhBK0FIu7sJJtYI/C5WWcTI+
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy