modiloader | d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33 | Triage

Submit
Reports

Overview

overview

Static

static

d179a68f40...33.exe

windows7-x64

d179a68f40...33.exe

windows10-2004-x64

Sharing

General

Target

d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33
Size

18KB
Sample

221201-mdmq1ach71
MD5

3a539c0ea76b1b87b36adcd1535e4401
SHA1

4b727c6d1bb732320381e0471c203ebc50e2eb2e
SHA256

d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33
SHA512

9a748b331e27be43a99401b6ca65f1a6244a9ea9578fd8bcd8acbf9d9478b07ea636a8d872c0becb98a8e71ceb1481032fbb5bce19b5aee3787eaa7fa51ee5d4
SSDEEP

384:cEw7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1CzcNp6wne:cEw7wkHOYEGPvCaV4pLzb1fNp

Score

10^/10

modiloader persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33.exe

Resource

win7-20221111-en

modiloader persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33.exe

Resource

win10v2004-20221111-en

modiloader persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33
- Size
  
  18KB
- MD5
  
  3a539c0ea76b1b87b36adcd1535e4401
- SHA1
  
  4b727c6d1bb732320381e0471c203ebc50e2eb2e
- SHA256
  
  d179a68f4095e24a67e6fbe7b026a6f351dbfe30bdfea14ce057fdb2fe4d5b33
- SHA512
  
  9a748b331e27be43a99401b6ca65f1a6244a9ea9578fd8bcd8acbf9d9478b07ea636a8d872c0becb98a8e71ceb1481032fbb5bce19b5aee3787eaa7fa51ee5d4
- SSDEEP
  
  384:cEw7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1CzcNp6wne:cEw7wkHOYEGPvCaV4pLzb1fNp
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy