modiloader | f9c82287e71d51c8160a9eb81116f33ac932c12f8af5afcd144229e214553e20 | Triage

Analysis

max time kernel
132s
max time network
147s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
14-02-2023 10:11

Sharing

Report Analysis Logs

General

Target

FAKTURA MD.exe
Size

1.1MB
MD5

c0f19452648f00641f3c62f409d70c75
SHA1

55e18ebba9f0be9d19cc92ea3e93f97d840b762d
SHA256

f9c82287e71d51c8160a9eb81116f33ac932c12f8af5afcd144229e214553e20
SHA512

00ec218f1c9218f3de07583cf26fae031274fb06280193186fd110e4a90a6cbbbc13e4137a75c71e3045b89dee9771a86d557d739b9d4311b6e09e19b550d931
SSDEEP

12288:oX8lOqFSsZ40z3QjB2lr5fPx7Zh70WoQzV9hBoSFhAf1nAhglR:Q8ltFSQ3AB2zp7pcf1nAhglR

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1464-55-0x0000000000890000-0x00000000008BC000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\FAKTURA MD.exe
"C:\Users\Admin\AppData\Local\Temp\FAKTURA MD.exe"
1⤵
PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-54-0x0000000076581000-0x0000000076583000-memory.dmp

Filesize
8KB

Download
memory/1464-55-0x0000000000890000-0x00000000008BC000-memory.dmp

Filesize
176KB

Download