modiloader | 41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6 | Triage

Submit
Reports

Overview

overview

Static

static

41f4ce65d9...e6.exe

windows7-x64

41f4ce65d9...e6.exe

windows10-2004-x64

Sharing

General

Target

41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6
Size

354KB
Sample

221128-xw434saa73
MD5

c662257308114e807cb6b437745c3b08
SHA1

6fe2384d83cbcd37b3a3c5a863ccdcb78977b18b
SHA256

41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6
SHA512

81249c20aefca4085b0a2484ea68bdff9e05821a4900c17ba98848ed5e0f4c1291f7cd25d26ba9a0369f619a48556fa45eb902be5e60102c03ccc7ab2f425448
SSDEEP

6144:qHUVKdUXp4WdapG8t2Dma25dzUUGHD6PvzV4mG15jbdNtIjHj3I8KGiZh5gUvmCH:qHvmsI80DmN59UaGPb/aTDI8hiZh5gq5

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6.exe

Resource

win7-20220901-en

modiloader evasion persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6
- Size
  
  354KB
- MD5
  
  c662257308114e807cb6b437745c3b08
- SHA1
  
  6fe2384d83cbcd37b3a3c5a863ccdcb78977b18b
- SHA256
  
  41f4ce65d92c76258a16482a2b660ee524b42695f668d93e23b3ddc57cde00e6
- SHA512
  
  81249c20aefca4085b0a2484ea68bdff9e05821a4900c17ba98848ed5e0f4c1291f7cd25d26ba9a0369f619a48556fa45eb902be5e60102c03ccc7ab2f425448
- SSDEEP
  
  6144:qHUVKdUXp4WdapG8t2Dma25dzUUGHD6PvzV4mG15jbdNtIjHj3I8KGiZh5gUvmCH:qHvmsI80DmN59UaGPb/aTDI8hiZh5gq5
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

modiloaderevasionpersistencetrojan

© 2018-2024

Terms | Privacy