modiloader | 174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1 | Triage

Submit
Reports

Overview

overview

Static

static

174a898452...d1.exe

windows7-x64

174a898452...d1.exe

windows10-2004-x64

Sharing

General

Target

174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1
Size

416KB
Sample

221127-11t1gscc57
MD5

e09d110c163d7fa4cbb0e2eada55ad2e
SHA1

a06a7a4c576e771cb42f40040e59b695c574adc9
SHA256

174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1
SHA512

8ed4b2aca37c95eb91014289f4b18934b0d4080f5cc5265b55cfdb42e0cdbead3b2800f488fb0f78769ba2f78764dce8ad0d0910d93e0e2f62a890a2a73dc2f3
SSDEEP

6144:92pzkx73KLxCXNg7CCwWX5xqmigHLkR08CCdOGV8c65AcOlpotWlLjW/z6:op276Uz+fqmieeZtJ6mcOzoINyL6

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1.exe

Resource

win10v2004-20220901-en

modiloader evasion persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1
- Size
  
  416KB
- MD5
  
  e09d110c163d7fa4cbb0e2eada55ad2e
- SHA1
  
  a06a7a4c576e771cb42f40040e59b695c574adc9
- SHA256
  
  174a89845245b9d2d44fa683d7f21e78ac9dbee69212c17770b204ca2c1f51d1
- SHA512
  
  8ed4b2aca37c95eb91014289f4b18934b0d4080f5cc5265b55cfdb42e0cdbead3b2800f488fb0f78769ba2f78764dce8ad0d0910d93e0e2f62a890a2a73dc2f3
- SSDEEP
  
  6144:92pzkx73KLxCXNg7CCwWX5xqmigHLkR08CCdOGV8c65AcOlpotWlLjW/z6:op276Uz+fqmieeZtJ6mcOzoINyL6
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds policy Run key to start application
  persistence
- Disables use of System Restore points
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2024

Terms | Privacy