modiloader | ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c | Triage

Submit
Reports

Overview

overview

Static

static

ec3873b913...2c.exe

windows7-x64

ec3873b913...2c.exe

windows10-2004-x64

8

Sharing

General

Target

ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c
Size

668KB
Sample

221203-nqhhgsfe59
MD5

7434b6c4ee381a0c83e1a25305d5e29f
SHA1

9aaac47d1101c74cedb331a7e5a3c08d8a694f20
SHA256

ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c
SHA512

79ad32bfb7a7fa3071e492ce110f8ba2902d89a657e3571769f008e84fc67a55ee3576e3e98b3dc6e9b53353fae9e00e1f565e278b606d3d727821da720cb7a4
SSDEEP

12288:1MkI8TndMPYINs+WaKOfXhFa8wodovujk2nWNYCZzl2C4D7pQRi1o/2rNoNSXf:1LhTnovpWaKOPapBywY+wHD7SRiKu2Yf

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c.exe

Resource

win7-20221111-en

modiloader evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c.exe

Resource

win10v2004-20220812-en

evasion trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c
- Size
  
  668KB
- MD5
  
  7434b6c4ee381a0c83e1a25305d5e29f
- SHA1
  
  9aaac47d1101c74cedb331a7e5a3c08d8a694f20
- SHA256
  
  ec3873b9136338a5b8d42353cf33ea70496e6f9768ff7779d087800b84d5492c
- SHA512
  
  79ad32bfb7a7fa3071e492ce110f8ba2902d89a657e3571769f008e84fc67a55ee3576e3e98b3dc6e9b53353fae9e00e1f565e278b606d3d727821da720cb7a4
- SSDEEP
  
  12288:1MkI8TndMPYINs+WaKOfXhFa8wodovujk2nWNYCZzl2C4D7pQRi1o/2rNoNSXf:1LhTnovpWaKOPapBywY+wHD7SRiKu2Yf
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

evasiontrojanupx

© 2018-2024

Terms | Privacy