modiloader | ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e | Triage

Submit
Reports

Overview

overview

Static

static

ce98537bd1...4e.exe

windows7-x64

ce98537bd1...4e.exe

windows10-2004-x64

Sharing

General

Target

ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e
Size

521KB
Sample

221203-v8qedabc89
MD5

d9ab08dfe2176e7fb3f04b597314859f
SHA1

90e818eda58840c5d811dd9729ea8aca20654d3e
SHA256

ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e
SHA512

b44dfe1fbd3595143cdf2b50ffed64feab8c4975436d55fbd1db001101d7554d8fb6747ad59c99d9bcbb7486be0b02c1bad9a9686099888984bad6bd99772ad9
SSDEEP

12288:evoLy6NugQ5yRRc/Xu5uy5n3MESioMsis/tKw4cNL4qXh:cYHNEgRa/Xu/3PzoMwKw4c2qXh

Score

10^/10

modiloader persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e.exe

Resource

win7-20220901-en

modiloader persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e.exe

Resource

win10v2004-20221111-en

modiloader persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e
- Size
  
  521KB
- MD5
  
  d9ab08dfe2176e7fb3f04b597314859f
- SHA1
  
  90e818eda58840c5d811dd9729ea8aca20654d3e
- SHA256
  
  ce98537bd1ce48ca975292f0cf911db4b5d4c0248d44f20aefe10dc5ab995c4e
- SHA512
  
  b44dfe1fbd3595143cdf2b50ffed64feab8c4975436d55fbd1db001101d7554d8fb6747ad59c99d9bcbb7486be0b02c1bad9a9686099888984bad6bd99772ad9
- SSDEEP
  
  12288:evoLy6NugQ5yRRc/Xu5uy5n3MESioMsis/tKw4cNL4qXh:cYHNEgRa/Xu/3PzoMwKw4c2qXh
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy