modiloader | feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6 | Triage

Submit
Reports

Overview

overview

Static

static

1

feb4160c04...a6.exe

windows7-x64

feb4160c04...a6.exe

windows10-2004-x64

Sharing

General

Target

feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6
Size

76KB
Sample

221128-btgzxahh21
MD5

224eafc304152362f7da0a216c4d4afa
SHA1

363a0434337e70d7a65d9f6f244c37c192f1381e
SHA256

feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6
SHA512

32da63ae2492a2b1cd7e92525e36175bf46f80f33108dc551b6a59a38e57ba3c29a7c9adfbdee03625e591781293bdb16db548413c917a74e4b0d9fa0a1b3bea
SSDEEP

1536:NQ1uILGBZbj4GUUQT0DrXJ6xOWtGcjt7+7Jriua/wd/x4Hyfh:NQoOG/Xth9DrXJmOWtGcjtS7Juurd/+w

Score

10^/10

modiloader persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6.exe

Resource

win7-20221111-en

modiloader persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6.exe

Resource

win10v2004-20220812-en

modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6
- Size
  
  76KB
- MD5
  
  224eafc304152362f7da0a216c4d4afa
- SHA1
  
  363a0434337e70d7a65d9f6f244c37c192f1381e
- SHA256
  
  feb4160c04797471ba1ee5673f181e719706f5950eecbb119de20575dc9612a6
- SHA512
  
  32da63ae2492a2b1cd7e92525e36175bf46f80f33108dc551b6a59a38e57ba3c29a7c9adfbdee03625e591781293bdb16db548413c917a74e4b0d9fa0a1b3bea
- SSDEEP
  
  1536:NQ1uILGBZbj4GUUQT0DrXJ6xOWtGcjt7+7Jriua/wd/x4Hyfh:NQoOG/Xth9DrXJmOWtGcjtS7Juurd/+w
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy