modiloader | e16ec98dd573ec4431be0f041491797ca9ddf5077d3625236b399bbafe3be246

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 04:26

Target

e16ec98dd573ec4431be0f041491797ca9ddf5077d3625236b399bbafe3be246.exe
Size

91KB
MD5

64fbd018c636e4470582068bfebe420d
SHA1

4beb14d2a50995b97e33798ccbcebd79dd6fb231
SHA256

e16ec98dd573ec4431be0f041491797ca9ddf5077d3625236b399bbafe3be246
SHA512

6226acd5d83606738914b6f71fb8e2695e8731486dc33d4e99eaa66d16510d73e84e04787dd8d49a6dc6f507d69638e00cf366c098b07fb6c4867f73596e3531
SSDEEP

1536:bm3k2/hobJ0SCFzMEXRZGfqQvMtB70cIsYS/npLmg2GrkK2RvywiKKu:oh/hob0FwEXRMfqH7bIsv/npLmg2GkxN

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

resource	yara_rule
behavioral1/memory/1652-59-0x0000000000370000-0x0000000000391000-memory.dmp	modiloader_stage2
behavioral1/memory/1652-60-0x0000000000371000-0x0000000000385000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\e16ec98dd573ec4431be0f041491797ca9ddf5077d3625236b399bbafe3be246.exe
"C:\Users\Admin\AppData\Local\Temp\e16ec98dd573ec4431be0f041491797ca9ddf5077d3625236b399bbafe3be246.exe"
1⤵
PID:1652

memory/1652-54-0x0000000000400000-0x0000000000432675-memory.dmp

Filesize
201KB

Download
memory/1652-55-0x0000000000370000-0x0000000000391000-memory.dmp

Filesize
132KB

Download
memory/1652-56-0x0000000000370000-0x0000000000391000-memory.dmp

Filesize
132KB

Download
memory/1652-58-0x0000000000400000-0x0000000000432675-memory.dmp

Filesize
201KB

Download
memory/1652-59-0x0000000000370000-0x0000000000391000-memory.dmp

Filesize
132KB

Download
memory/1652-60-0x0000000000371000-0x0000000000385000-memory.dmp

Filesize
80KB

Download