modiloader | 9e1b4f2d408e187ca641c0c16269069d0acabe5ae15514418726fbc720b33731 | Triage

Submit
Reports

Overview

overview

Static

static

1

lista ordini.exe

windows7-x64

lista ordini.exe

windows10-2004-x64

Sharing

General

Target

lista ordini.bin
Size

1.1MB
Sample

230214-nk7kescd2t
MD5

ff1827a05d6334802873178c3d9459ca
SHA1

a8a5264d15aef1dd1c6e982b1eb163d1714ac74c
SHA256

9e1b4f2d408e187ca641c0c16269069d0acabe5ae15514418726fbc720b33731
SHA512

816740310737eaf6e40045b693eff0589fdd348caa885ca07fcae909134fab65b80aafe0fdf355ae72a1e892e6e14b51381b9405a937ca0bd8634fcdda5bd6ae
SSDEEP

12288:oX8lOqFSsZ40z3QjB2lr5fPx7Zh70WoQzV9hBoSFhAf1nAhglR:Q8ltFSQ3AB2zp7pcf1nAhglR

Score

10^/10

modiloader persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

lista ordini.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

lista ordini.exe

Resource

win10v2004-20220901-en

modiloader persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  lista ordini.bin
- Size
  
  1.1MB
- MD5
  
  ff1827a05d6334802873178c3d9459ca
- SHA1
  
  a8a5264d15aef1dd1c6e982b1eb163d1714ac74c
- SHA256
  
  9e1b4f2d408e187ca641c0c16269069d0acabe5ae15514418726fbc720b33731
- SHA512
  
  816740310737eaf6e40045b693eff0589fdd348caa885ca07fcae909134fab65b80aafe0fdf355ae72a1e892e6e14b51381b9405a937ca0bd8634fcdda5bd6ae
- SSDEEP
  
  12288:oX8lOqFSsZ40z3QjB2lr5fPx7Zh70WoQzV9hBoSFhAf1nAhglR:Q8ltFSQ3AB2zp7pcf1nAhglR
Score

10^/10

modiloader trojan persistence spyware stealer
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy