modiloader | f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d | Triage

Submit
Reports

Overview

overview

Static

static

f4e1c50b5a...7d.exe

windows7-x64

f4e1c50b5a...7d.exe

windows10-2004-x64

Sharing

General

Target

f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d
Size

192KB
Sample

221201-kqfr4sbg53
MD5

c75d6eb45b9ea9bc4ff58a72dda635d4
SHA1

01a7ccb343b3ff59d7f857c4d43af389497826a5
SHA256

f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d
SHA512

4926f093d91e9fa9aa0970327f2301f4681e1d80abcce30a345e7855e2a96588a7f534f5dfa21724a8634effaa5408592c92b73fcdf54ca6e657d4f42377a434
SSDEEP

3072:AyWZThpvKfdsLaS0hiPfsvs+fe8b4dhecAU2Tk7uqnWSSX8SDw22u8dk/FF3Pph5:ABNi3i8vsI5U2qLn0Xlz2u8dkH/75

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d.exe

Resource

win7-20220812-en

modiloader evasion persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d.exe

Resource

win10v2004-20220901-en

modiloader evasion persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d
- Size
  
  192KB
- MD5
  
  c75d6eb45b9ea9bc4ff58a72dda635d4
- SHA1
  
  01a7ccb343b3ff59d7f857c4d43af389497826a5
- SHA256
  
  f4e1c50b5ab1019860596684c5151b27ae95ddbbc0720bab1c3eb9a1e5f5c97d
- SHA512
  
  4926f093d91e9fa9aa0970327f2301f4681e1d80abcce30a345e7855e2a96588a7f534f5dfa21724a8634effaa5408592c92b73fcdf54ca6e657d4f42377a434
- SSDEEP
  
  3072:AyWZThpvKfdsLaS0hiPfsvs+fe8b4dhecAU2Tk7uqnWSSX8SDw22u8dk/FF3Pph5:ABNi3i8vsI5U2qLn0Xlz2u8dkH/75
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy