modiloader | db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a | Triage

Submit
Reports

Overview

overview

Static

static

db3c5b7ad4...9a.exe

windows7-x64

db3c5b7ad4...9a.exe

windows10-2004-x64

Sharing

General

Target

db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a
Size

367KB
Sample

221203-zrrnbshh7v
MD5

025637736b269921d1567d30bf788165
SHA1

3bac77b0671c4235fe7247429579a912fa79d7ba
SHA256

db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a
SHA512

f85373a9e73fec734398138d424cbaaf4cc1db36969db0eb01b1ed46e2f4102295b616791c5ea1677968493f231ef5b8af22bdadbd0dbf594701bcb6d9f246b4
SSDEEP

6144:g/0uolCkQtmlxdpMo+JR6qVEO0FAA3Ny7lKD/PGq8JM9p9gT4ayMo2isG4PoE:gJzkncxajT7Ge9paTV9o2O4PoE

Score

10^/10

modiloader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a.exe

Resource

win7-20220812-en

modiloader persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a.exe

Resource

win10v2004-20221111-en

modiloader persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a
- Size
  
  367KB
- MD5
  
  025637736b269921d1567d30bf788165
- SHA1
  
  3bac77b0671c4235fe7247429579a912fa79d7ba
- SHA256
  
  db3c5b7ad4281991c3b1e6ff4a8506a88315bf068c2fbaa60c24c9214238bd9a
- SHA512
  
  f85373a9e73fec734398138d424cbaaf4cc1db36969db0eb01b1ed46e2f4102295b616791c5ea1677968493f231ef5b8af22bdadbd0dbf594701bcb6d9f246b4
- SSDEEP
  
  6144:g/0uolCkQtmlxdpMo+JR6qVEO0FAA3Ny7lKD/PGq8JM9p9gT4ayMo2isG4PoE:gJzkncxajT7Ge9paTV9o2O4PoE
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy