modiloader | 8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4 | Triage

Submit
Reports

Overview

overview

Static

static

8bacd661f6...f4.exe

windows7-x64

8bacd661f6...f4.exe

windows10-2004-x64

Sharing

General

Target

8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4
Size

1.5MB
Sample

221201-hzdyrsab2s
MD5

9352efed8e3e40f5f569b60cbc3d5fae
SHA1

f13a98ffcd41d92b63d7f2ee3d4f9cad57bbd08b
SHA256

8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4
SHA512

9a468ae4ede841036089a9c124e3d9bf14e21b3a2d5422ab10e433d3588144fe06f7214557a90fa260b00511bac201d7a9211715cee19ad7c5ef33b84ed987dd
SSDEEP

24576:XNUzXKZdvPTOOrMQ0425/JgpHYiI9D0+22WPdhC+X2d3LByko:X/HTOOrMTp/JgpNI9iPdhgEko

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan upx

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4.exe

Resource

win10v2004-20220812-en

modiloader evasion persistence trojan upx

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4
- Size
  
  1.5MB
- MD5
  
  9352efed8e3e40f5f569b60cbc3d5fae
- SHA1
  
  f13a98ffcd41d92b63d7f2ee3d4f9cad57bbd08b
- SHA256
  
  8bacd661f6d8f9d38b65f79b94ce9702b762f0936211516a3944b1f62b46a8f4
- SHA512
  
  9a468ae4ede841036089a9c124e3d9bf14e21b3a2d5422ab10e433d3588144fe06f7214557a90fa260b00511bac201d7a9211715cee19ad7c5ef33b84ed987dd
- SSDEEP
  
  24576:XNUzXKZdvPTOOrMQ0425/JgpHYiI9D0+22WPdhC+X2d3LByko:X/HTOOrMTp/JgpNI9iPdhgEko
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy