modiloader | d7d8371a9da125ecb4b8d8e0f136ce7a610354cd0a968048ea280cafe76c87ea | Triage

Submit
Reports

Overview

overview

Static

static

8

lxxtbsq/Lx...a1.exe

windows7-x64

lxxtbsq/Lx...a1.exe

windows10-2004-x64

lxxtbsq/lxspeed.dll

windows7-x64

1

lxxtbsq/lxspeed.dll

windows10-2004-x64

1

lxxtbsq/�...��.exe

windows7-x64

8

lxxtbsq/�...��.exe

windows10-2004-x64

8

lxxtbsq/�...��.url

windows7-x64

1

lxxtbsq/�...��.url

windows10-2004-x64

1

Sharing

General

Target

d7d8371a9da125ecb4b8d8e0f136ce7a610354cd0a968048ea280cafe76c87ea
Size

4.0MB
Sample

221126-xrtftagc37
MD5

f7f26c29a743619defae86987f02682d
SHA1

f91f4d7af3b50ac08a3aa65c24761dcbd550aded
SHA256

d7d8371a9da125ecb4b8d8e0f136ce7a610354cd0a968048ea280cafe76c87ea
SHA512

721f76d53d742b9c24e73beb89e36b2ab89444f8ee408667f6ba318123999842cabf514bf8d7eeb2ca677b6a7abef9774b3eda18dddec03fd24505c753872fe0
SSDEEP

98304:Y4FWf28X1WZrZelcDOSHmoC+7rmmnMbBBbmA+ptHR:Y4FAeZemOAxbvm+Mb761

Score

10^/10

modiloader trojan upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

lxxtbsq/Lx_Speed 1.5 Beta1.exe

Resource

win7-20220901-en

modiloader trojan upx vmprotect

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

lxxtbsq/Lx_Speed 1.5 Beta1.exe

Resource

win10v2004-20221111-en

modiloader trojan upx vmprotect

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

lxxtbsq/lxspeed.dll

Resource

win7-20220901-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

lxxtbsq/lxspeed.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

lxxtbsq/破解补丁.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral6

Sample

lxxtbsq/破解补丁.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral7

Sample

lxxtbsq/西西软件园_游戏网下载_最安全的软件下载基地.url

Resource

win7-20220901-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

lxxtbsq/西西软件园_游戏网下载_最安全的软件下载基地.url

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  lxxtbsq/Lx_Speed 1.5 Beta1.exe
- Size
  
  2.2MB
- MD5
  
  d5fdd0a32bc734cc4abb7c39921c0051
- SHA1
  
  cca76e39f9c9e7a9dbb4544b275669e297edc522
- SHA256
  
  b3e4ec4f0233a46af22a024643deae26f6b1455b45dba5f5a3d6d59019a4b172
- SHA512
  
  e354883e69d7d538a7c37042d1b1ebf7499b987dba4d0464da492f9f9963c646689b394c069abfeaabc2ced9818511dd51e5685e29adace962c969b43f03a7cf
- SSDEEP
  
  49152:HeZ6epYyulT8r+d/PJOwKkfbPqm9QpDHfjuWULBtmQqvzUHe:HeseyvPJh9f2m9Q9HftULTmvvzUHe
Score

10^/10

modiloader trojan upx vmprotect
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  lxxtbsq/lxspeed.spd
- Size
  
  103KB
- MD5
  
  8005750ec63eb5292884ad6183ae2e77
- SHA1
  
  c83e31655e271cd9ef5bff62b10f8d51eb3ebf29
- SHA256
  
  df9f56c4da160101567b0526845228ee481ee7d2f98391696fa27fe41f8acf15
- SHA512
  
  febbc6374e9a5c7c9029ccbff2c0ecf448d76927c8d720a4eae513b345d2a3f6de8cf774ae40dcd335af59537666e83ce994ec0adc8b9e8ab4575415e3c3e206
- SSDEEP
  
  3072:75yP416sLgrTWiKc0rUH9rRq/SJIJmECqc2QOeH:czsMH0Yl2QE3zY
Score

1^/10
behavioral3 behavioral4
- Target
  
  lxxtbsq/破解补丁.exe
- Size
  
  1.6MB
- MD5
  
  e5c0784a64ca52c3e2c932b932d439e0
- SHA1
  
  388ec842a606750f44def7b259d5bde604b34bfd
- SHA256
  
  adcade3ecfd221bfbb5cb440a4bdaa58a9b00882c63bbe37192c37143bb69094
- SHA512
  
  6f4f31669ef36aec896d62bcda06ad2a10b57593cd0c4dbfd62fc959df71e425c5354e6f43058b94a445c2e39f5d621a6528a42eefc5f4a8cced3e0802e5e93a
- SSDEEP
  
  49152:kdr+P+HQihOWHXEN5sFHeJzHgvL86rdHRz:EwihfHUw1eJrgT8Y
Score

8^/10

upx vmprotect
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral5 behavioral6
- Target
  
  lxxtbsq/西西软件园_游戏网下载_最安全的软件下载基地.url
- Size
  
  174B
- MD5
  
  1fd50cdbc2596bda9c5336759dc3af7e
- SHA1
  
  74339e657b2edc43daf47f7c144a1c03eebd1cdc
- SHA256
  
  86b47fe5343c4817c5862d16ab6a5d5bea9e41ee9ebac8556178a3338376e70d
- SHA512
  
  edd09a0f538be9be1e877873d6252559b90161e956d98f3eb4838716a4e1e69843039ef21cf32903a4a2e94442c825e79d0454100d92955c773881ee875eef66
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojanupxvmprotect

behavioral2

modiloadertrojanupxvmprotect

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

© 2018-2024

Terms | Privacy