modiloader | 9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9d0d64f0f7...8e.exe

windows7-x64

9d0d64f0f7...8e.exe

windows10-2004-x64

Sharing

General

Target

9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e
Size

388KB
Sample

221206-ktq29afa2x
MD5

c7c3b1dfc231e192d1886d682ff941ca
SHA1

6b3e0ad82026e25bd60a9b71fef5b67396696320
SHA256

9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e
SHA512

f930640e2acc12aba970f8ab56a87f1ab613569d1d3a0c24b2f4c5265533edffc795a5614f821ec9d7406f5905fef6c5878997e2aa43234a09d18a3b5864fe08
SSDEEP

6144:7bOAmC045lY0Z79BZb4SCnG35g6N0QJpvJGEGOKPbXl9X0J0qOxl4FBBb86:RmC08W+9BZb3p32qX3v4EAVGeJ4Fd

Score

10^/10

modiloader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe

Resource

win7-20220901-en

modiloader persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e.exe

Resource

win10v2004-20220812-en

modiloader trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e
- Size
  
  388KB
- MD5
  
  c7c3b1dfc231e192d1886d682ff941ca
- SHA1
  
  6b3e0ad82026e25bd60a9b71fef5b67396696320
- SHA256
  
  9d0d64f0f7ae03a45d4c2e914f1dd6ebd79a0701ef2dd38cabbffd53b3d48b8e
- SHA512
  
  f930640e2acc12aba970f8ab56a87f1ab613569d1d3a0c24b2f4c5265533edffc795a5614f821ec9d7406f5905fef6c5878997e2aa43234a09d18a3b5864fe08
- SSDEEP
  
  6144:7bOAmC045lY0Z79BZb4SCnG35g6N0QJpvJGEGOKPbXl9X0J0qOxl4FBBb86:RmC08W+9BZb3p32qX3v4EAVGeJ4Fd
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloadertrojan

© 2018-2025

Terms | Privacy