modiloader | 8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9 | Triage

Submit
Reports

Overview

overview

Static

static

8db7e68544...c9.exe

windows7-x64

8db7e68544...c9.exe

windows10-2004-x64

Sharing

General

Target

8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
Size

1.1MB
Sample

221129-gcefcaaf62
MD5

58402abe7ecced2abd8fe481a4bf9850
SHA1

b1a459210ade7c983b6cdabfbf4616aa9a5715ae
SHA256

8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
SHA512

07b39030db9d90fce0d51b69e45efc15aee7e0bbc860cd61fc66e83cd883452534fbca3366cb4beb939b1de6b52db513cf649999da86a7cabd2cbf942007ba7b
SSDEEP

24576:OvwQyBaWnBCqyaaNCM2OAjpuDqhweV/ONdm:OvlyBaWntyrNBlA9uGhwvNdm

Score

10^/10

modiloader evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9.exe

Resource

win7-20220812-en

modiloader evasion trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9.exe

Resource

win10v2004-20221111-en

modiloader evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
- Size
  
  1.1MB
- MD5
  
  58402abe7ecced2abd8fe481a4bf9850
- SHA1
  
  b1a459210ade7c983b6cdabfbf4616aa9a5715ae
- SHA256
  
  8db7e68544f7c3b81a16ac7c2b2f0d2aa3b53aa9bffdef14699ab45d4bbf96c9
- SHA512
  
  07b39030db9d90fce0d51b69e45efc15aee7e0bbc860cd61fc66e83cd883452534fbca3366cb4beb939b1de6b52db513cf649999da86a7cabd2cbf942007ba7b
- SSDEEP
  
  24576:OvwQyBaWnBCqyaaNCM2OAjpuDqhweV/ONdm:OvlyBaWntyrNBlA9uGhwvNdm
Score

10^/10

modiloader evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojan

behavioral2

modiloaderevasiontrojan

© 2018-2024

Terms | Privacy