modiloader | f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8 | Triage

Submit
Reports

Overview

overview

Static

static

8

f3686e1cea...d8.exe

windows7-x64

f3686e1cea...d8.exe

windows10-2004-x64

Sharing

General

Target

f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8
Size

126KB
Sample

221203-za55dsgf4z
MD5

936fe9b34f4d62c71364e856c0d73932
SHA1

3a80904cf58d500dcc9d908468896f81d3dbe40a
SHA256

f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8
SHA512

cf6ab831ee38cb7ae12d8cb2cba2f3e286c4ab69e50681cf6dfa8a516434e672a7a2ee2e1ffdb6ad1b21b97224dc8a3df3bfb0aeaa6691ec1bd13677f41bb2dc
SSDEEP

3072:Fkq53FivSwHKT0Wph5fJINzEprvcaAnB4vM2m3DMUsrfxK:2q0vDHABh1q1OrkJnB4i2Tw

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8.exe

Resource

win7-20220812-en

modiloader evasion trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8.exe

Resource

win10v2004-20220901-en

modiloader evasion persistence trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8
- Size
  
  126KB
- MD5
  
  936fe9b34f4d62c71364e856c0d73932
- SHA1
  
  3a80904cf58d500dcc9d908468896f81d3dbe40a
- SHA256
  
  f3686e1ceaedb3817c270fb1427bc864f06b71eb9de1a57e445d3ba162b9b5d8
- SHA512
  
  cf6ab831ee38cb7ae12d8cb2cba2f3e286c4ab69e50681cf6dfa8a516434e672a7a2ee2e1ffdb6ad1b21b97224dc8a3df3bfb0aeaa6691ec1bd13677f41bb2dc
- SSDEEP
  
  3072:Fkq53FivSwHKT0Wph5fJINzEprvcaAnB4vM2m3DMUsrfxK:2q0vDHABh1q1OrkJnB4i2Tw
Score

10^/10

modiloader evasion trojan upx persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy