modiloader | d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3 | Triage

Submit
Reports

Overview

overview

Static

static

d7d38af8e2...c3.exe

windows7-x64

d7d38af8e2...c3.exe

windows10-2004-x64

Sharing

General

Target

d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3
Size

650KB
Sample

221203-qfq3zsgc4x
MD5

8da7970c2d7fefa91dde87347f240486
SHA1

f279f1a8347f90aeaa2bc1c744b8a27fb28cdb25
SHA256

d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3
SHA512

5e91fca941877b257a0f32646505d877176036d3209f6c4d5f674afe8d98ef440b6161c0312382316665e2b62b46965c9cda4a7151d37db040d36ef143419683
SSDEEP

12288:V7Dbxv8LbH1nRQJ5WJVjDbykWZYJDDVcdnNwPl2kAQQLgpMjuNZMNyYZ:VLxEPVRQJgf/bONRNZQQcpZDMNBZ

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3.exe

Resource

win10v2004-20221111-en

modiloader trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3
- Size
  
  650KB
- MD5
  
  8da7970c2d7fefa91dde87347f240486
- SHA1
  
  f279f1a8347f90aeaa2bc1c744b8a27fb28cdb25
- SHA256
  
  d7d38af8e2f1c0cdfee83547348f39292a4cf1859cf7238613f9ee6a5bbbb9c3
- SHA512
  
  5e91fca941877b257a0f32646505d877176036d3209f6c4d5f674afe8d98ef440b6161c0312382316665e2b62b46965c9cda4a7151d37db040d36ef143419683
- SSDEEP
  
  12288:V7Dbxv8LbH1nRQJ5WJVjDbykWZYJDDVcdnNwPl2kAQQLgpMjuNZMNyYZ:VLxEPVRQJgf/bONRNZQQcpZDMNBZ
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy