modiloader | cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d | Triage

Submit
Reports

Overview

overview

Static

static

8

cec38dab7c...2d.exe

windows7-x64

8

cec38dab7c...2d.exe

windows10-2004-x64

Sharing

General

Target

cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
Size

443KB
Sample

221126-vvz2naea6x
MD5

3e9b02fef05c3364a4d688f3b7ea8741
SHA1

ecb95240df4befdbdc96e3697b13a32a43296095
SHA256

cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
SHA512

1fa50f692e8be489ae923ec0e5fec8aca41e7eaba32d4471e795051be2ffb8040c569b246ff351c3e49a6056eea027113baf1c94bff890aebcd83062606fbe29
SSDEEP

12288:XFJs3XraGmcmd/26o9juQ+pDQZPCgev4YYbTu:Xjs3XFxxpJ+pDKQJoTu

Score

10^/10

modiloader persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d.exe

Resource

win10v2004-20220812-en

modiloader persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
- Size
  
  443KB
- MD5
  
  3e9b02fef05c3364a4d688f3b7ea8741
- SHA1
  
  ecb95240df4befdbdc96e3697b13a32a43296095
- SHA256
  
  cec38dab7cb263d1cd96f3908a87d7282df4dcdf3e362b773414e4a2d766862d
- SHA512
  
  1fa50f692e8be489ae923ec0e5fec8aca41e7eaba32d4471e795051be2ffb8040c569b246ff351c3e49a6056eea027113baf1c94bff890aebcd83062606fbe29
- SSDEEP
  
  12288:XFJs3XraGmcmd/26o9juQ+pDQZPCgev4YYbTu:Xjs3XFxxpJ+pDKQJoTu
Score

10^/10

upx modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy