modiloader | 81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825 | Triage

Submit
Reports

Overview

overview

Static

static

81e5152831...25.exe

windows7-x64

81e5152831...25.exe

windows10-2004-x64

3

Sharing

General

Target

81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825
Size

4.3MB
Sample

221201-crhdbsfa24
MD5

c8ac5d1054a517fb750cc7c957da4c7a
SHA1

edd1d33954ad0835080d5d816cb0b10f22faf604
SHA256

81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825
SHA512

960f884e16245e1da816771116b558fc90523d4aefed177d1abce2466a68171035e5d9af05c53890e09a356e89bd71f096d05fb5bfee2a2a44f15f43d8aa5eac
SSDEEP

24576:QB3TeiR5f7bThflY9KTC6Ztw0jrpFo3Uybs+tBib/9vS0sD9IteFF1HL0U3i:Gf7bThC94C6vwGHoEws7b/RKFThS

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825
- Size
  
  4.3MB
- MD5
  
  c8ac5d1054a517fb750cc7c957da4c7a
- SHA1
  
  edd1d33954ad0835080d5d816cb0b10f22faf604
- SHA256
  
  81e51528311595ec96dd241158324a18f38b786c3196178aba76e0a7938d8825
- SHA512
  
  960f884e16245e1da816771116b558fc90523d4aefed177d1abce2466a68171035e5d9af05c53890e09a356e89bd71f096d05fb5bfee2a2a44f15f43d8aa5eac
- SSDEEP
  
  24576:QB3TeiR5f7bThflY9KTC6Ztw0jrpFo3Uybs+tBib/9vS0sD9IteFF1HL0U3i:Gf7bThC94C6vwGHoEws7b/RKFThS
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- Deletes itself
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy