modiloader | 8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868 | Triage

Submit
Reports

Overview

overview

Static

static

8253821bf4...68.exe

windows7-x64

8253821bf4...68.exe

windows10-2004-x64

Sharing

General

Target

8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868
Size

667KB
Sample

221201-cpmv2aeg64
MD5

35c79dd571e9798e4e607d55965ce447
SHA1

d7c29555287c935cfc1ff27fa120861526e44248
SHA256

8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868
SHA512

05085bfb2b204b7c93b3e8a1e0b834e93dfd8cda6200c6e480bb96f28582f3c7052a406da64d8cceb3cb887a90254cb1a7e8773d32ab346d1850340d36c4b6fd
SSDEEP

12288:35MFIglMy3WYJYvE0Ugq1b7mtllr+59OgkkLKXz1huQY1KBHE36:32CYZiagq1n2nr9ghLenu71ck36

Score

10^/10

modiloader evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868.exe

Resource

win7-20220812-en

modiloader evasion trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868.exe

Resource

win10v2004-20221111-en

modiloader evasion trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868
- Size
  
  667KB
- MD5
  
  35c79dd571e9798e4e607d55965ce447
- SHA1
  
  d7c29555287c935cfc1ff27fa120861526e44248
- SHA256
  
  8253821bf456177b4c835e5eb3f4087ff356972e02ffe7b53f510087f0b76868
- SHA512
  
  05085bfb2b204b7c93b3e8a1e0b834e93dfd8cda6200c6e480bb96f28582f3c7052a406da64d8cceb3cb887a90254cb1a7e8773d32ab346d1850340d36c4b6fd
- SSDEEP
  
  12288:35MFIglMy3WYJYvE0Ugq1b7mtllr+59OgkkLKXz1huQY1KBHE36:32CYZiagq1n2nr9ghLenu71ck36
Score

10^/10

modiloader evasion trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojanupx

behavioral2

modiloaderevasiontrojanupx

© 2018-2024

Terms | Privacy