modiloader | 3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83 | Triage

Submit
Reports

Overview

overview

Static

static

3403f595a3...83.exe

windows7-x64

3403f595a3...83.exe

windows10-2004-x64

Sharing

General

Target

3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83
Size

328KB
Sample

221127-kmxapadb57
MD5

3ae10c0e373a4c876bcd949944f6a896
SHA1

53245cb22dc7ec8022c9d9121bb7b1a8c58a8e20
SHA256

3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83
SHA512

cc7054630e7bb509d0f189a081f3e4411eb866f2ecc0def29c34a120e9f88cbd61b79f679077d7344bf70f807370455eeb17965d576d9ea8c7c88b5a642f9b18
SSDEEP

6144:jWplkmphlfqqxmMlVP+Can3/0Go8TRBHJWo7UMoe0:SplkMtk2VPUn8yHV7UMoe

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83.exe

Resource

win7-20221111-en

modiloader evasion persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83.exe

Resource

win10v2004-20221111-en

modiloader evasion persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83
- Size
  
  328KB
- MD5
  
  3ae10c0e373a4c876bcd949944f6a896
- SHA1
  
  53245cb22dc7ec8022c9d9121bb7b1a8c58a8e20
- SHA256
  
  3403f595a3a1adeade31927c13425fd7e40bc3d7b8f7c64ac57089158733ad83
- SHA512
  
  cc7054630e7bb509d0f189a081f3e4411eb866f2ecc0def29c34a120e9f88cbd61b79f679077d7344bf70f807370455eeb17965d576d9ea8c7c88b5a642f9b18
- SSDEEP
  
  6144:jWplkmphlfqqxmMlVP+Can3/0Go8TRBHJWo7UMoe0:SplkMtk2VPUn8yHV7UMoe
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds policy Run key to start application
  persistence
- Disables use of System Restore points
  evasion
- Deletes itself
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2024

Terms | Privacy