modiloader | 88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd | Triage

Submit
Reports

Overview

overview

Static

static

88a8c584d5...fd.exe

windows7-x64

88a8c584d5...fd.exe

windows10-2004-x64

Sharing

General

Target

88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd
Size

826KB
Sample

221201-pfwsssfd49
MD5

3bafb9e09df62e6d89ca3a7edf06b099
SHA1

2925b3ae7d5758535f4effdc419591377aeb8992
SHA256

88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd
SHA512

b3deb5c57c6e53ce9ccbee89f4f45e9d1fbf405151bfdc811b732ee7312ad763ff6641b3dca06c80ee95bb5bc22aa0fb6984be17b0db46a93b239db3fc940bc3
SSDEEP

24576:KO2emsEzSdJxe4JlKgRhk1Fvkif+2vUTlZzTElifi:KhsEzkHKqq1Fv+2vMltd

Score

10^/10

modiloader evasion persistence trojan upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd.exe

Resource

win7-20221111-en

modiloader evasion persistence trojan upx vmprotect

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd.exe

Resource

win10v2004-20221111-en

modiloader evasion persistence trojan upx vmprotect

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd
- Size
  
  826KB
- MD5
  
  3bafb9e09df62e6d89ca3a7edf06b099
- SHA1
  
  2925b3ae7d5758535f4effdc419591377aeb8992
- SHA256
  
  88a8c584d56f7c6abff020366136639f22d197c5fa0a7b932199bcc3e65d4efd
- SHA512
  
  b3deb5c57c6e53ce9ccbee89f4f45e9d1fbf405151bfdc811b732ee7312ad763ff6641b3dca06c80ee95bb5bc22aa0fb6984be17b0db46a93b239db3fc940bc3
- SSDEEP
  
  24576:KO2emsEzSdJxe4JlKgRhk1Fvkif+2vUTlZzTElifi:KhsEzkHKqq1Fv+2vMltd
Score

10^/10

modiloader evasion persistence trojan upx vmprotect
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupxvmprotect

behavioral2

modiloaderevasionpersistencetrojanupxvmprotect

© 2018-2024

Terms | Privacy