modiloader | 140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2 | Triage

Submit
Reports

Overview

overview

Static

static

140c336e57...f2.exe

windows7-x64

140c336e57...f2.exe

windows10-2004-x64

Sharing

General

Target

140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2
Size

351KB
Sample

221127-2rgt8sec35
MD5

c115ce6cf50f376c3d1f1e36475487b8
SHA1

dad3d5086883dbdec31d6713435b66027781c81d
SHA256

140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2
SHA512

f56c882adce1f63c6c0802ea4082edebbcecb5b67ee9f86314d78d73777c22553948b8c0ca9423b5d4b9163f134e1ff9d889f5c7dfcadc9c63a4615ce60cf954
SSDEEP

6144:4Wp6ieUmaTt8Mt6W3341T1HWL9FGaLPJBvIdGyrbOKLZLcV5C7:5pilPMZM12L9FHLPJNwGyrCKL+V0

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2
- Size
  
  351KB
- MD5
  
  c115ce6cf50f376c3d1f1e36475487b8
- SHA1
  
  dad3d5086883dbdec31d6713435b66027781c81d
- SHA256
  
  140c336e578f387e15b915a88e758d1c9d2d50b481bbf854d690d6d10b5fdbf2
- SHA512
  
  f56c882adce1f63c6c0802ea4082edebbcecb5b67ee9f86314d78d73777c22553948b8c0ca9423b5d4b9163f134e1ff9d889f5c7dfcadc9c63a4615ce60cf954
- SSDEEP
  
  6144:4Wp6ieUmaTt8Mt6W3341T1HWL9FGaLPJBvIdGyrbOKLZLcV5C7:5pilPMZM12L9FHLPJNwGyrCKL+V0
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds policy Run key to start application
  persistence
- Disables use of System Restore points
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2024

Terms | Privacy