modiloader | d6c7872a47c2b39878c40fc9e9af3fe41c829d425814bdc331d4c2b48efc7f19 | Triage

Analysis

max time kernel
143s
max time network
152s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
16-02-2023 15:34

Sharing

Report Analysis Logs

General

Target

Kvruwfvhsjzetg.exe
Size

1.1MB
MD5

f642f03706a86b22eff5b8764edaed56
SHA1

8a3a217ebda9437299765e7eb246494305086c01
SHA256

d6c7872a47c2b39878c40fc9e9af3fe41c829d425814bdc331d4c2b48efc7f19
SHA512

a6632ce0eb90359678e32d54073040b99d5cb498d80ebda17acc833830db89234f924623293497631eab4e3f0538c6acde6111a38b0e55e29f1669a2d71f9219
SSDEEP

12288:oX8lOqFSsZ40z3QjB2lr5fPx7Zh70WoQzV9hBoSFhAf1nAhglR:Q8ltFSQ3AB2zp7pcf1nAhglR

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/964-55-0x00000000008B0000-0x00000000008DC000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\Kvruwfvhsjzetg.exe
"C:\Users\Admin\AppData\Local\Temp\Kvruwfvhsjzetg.exe"
1⤵
PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/964-55-0x00000000008B0000-0x00000000008DC000-memory.dmp

Filesize
176KB

Download