modiloader | 72a32e559653c3ef0b9f2c2065707850b24225f77dd9ec4dd3ebfffed43002fb | Triage

Analysis

max time kernel
132s
max time network
149s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-01-2023 08:40

Sharing

Report Analysis Logs

General

Target

Signed PI % Payment Order Order.exe
Size

1.1MB
MD5

ce8dfa3ab6e40ef88605b208e48fdfa9
SHA1

120c14d5da5c24721edd92f140b8a6de180679d7
SHA256

72a32e559653c3ef0b9f2c2065707850b24225f77dd9ec4dd3ebfffed43002fb
SHA512

27dd308465ff5ef1ad5b5bf2f6d433430b1b094b22d52ec13629b8c318cb2eb7de834d189c538057ccfb1e124744c64947aa46dd8c7133156eb89189124d95a7
SSDEEP

24576:ygaIphuOCwQSQ8eD0nzOt1ytFvDgIFoc5:y2B2DmzOt1ytFvDpFoc

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1952-55-0x0000000001ED0000-0x0000000001EFC000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\Signed PI % Payment Order Order.exe
"C:\Users\Admin\AppData\Local\Temp\Signed PI % Payment Order Order.exe"
1⤵
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-54-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download
memory/1952-55-0x0000000001ED0000-0x0000000001EFC000-memory.dmp

Filesize
176KB

Download