modiloader | cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360 | Triage

Submit
Reports

Overview

overview

Static

static

cd7db258a6...60.exe

windows7-x64

cd7db258a6...60.exe

windows10-2004-x64

Sharing

General

Target

cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360
Size

93KB
Sample

221128-xn2b9adc61
MD5

b12e3bfd4d30089250fa16eb0ac58067
SHA1

23aef62c54a806c134db044a8888cd7ef51fe708
SHA256

cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360
SHA512

3da8f194958c4bd4a2285ff4622eeb6e4a6b953fe9a462c6c261398a3b41a7397f9d78ac02dc745b02d9ac4bd46ba1721385c55d56f8f8913efa72798ef95bc6
SSDEEP

1536:wIDhJ4jzdtt1Z88cdB/ENnRdoiGoqYy923kAPdHnJDQJR/QXtMk0NJ:wWkvJMqOHY33htNQ3Wf0N

Score

10^/10

modiloader njrat trojan

Static task

static1

modiloader njrat

3 signatures

Behavioral task

behavioral1

Sample

cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360.exe

Resource

win7-20220812-en

modiloader njrat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360.exe

Resource

win10v2004-20221111-en

modiloader njrat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360
- Size
  
  93KB
- MD5
  
  b12e3bfd4d30089250fa16eb0ac58067
- SHA1
  
  23aef62c54a806c134db044a8888cd7ef51fe708
- SHA256
  
  cd7db258a66079af678a26ebb0f47c1046ff1be400f5fda69b8a695b919e1360
- SHA512
  
  3da8f194958c4bd4a2285ff4622eeb6e4a6b953fe9a462c6c261398a3b41a7397f9d78ac02dc745b02d9ac4bd46ba1721385c55d56f8f8913efa72798ef95bc6
- SSDEEP
  
  1536:wIDhJ4jzdtt1Z88cdB/ENnRdoiGoqYy923kAPdHnJDQJR/QXtMk0NJ:wWkvJMqOHY33htNQ3Wf0N
Score

10^/10

modiloader njrat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

modiloadernjrat

behavioral1

modiloadernjrattrojan

behavioral2

modiloadernjrattrojan

© 2018-2024

Terms | Privacy