modiloader | 6b817ce95ecc5fb206ddbdf3e993ce1af68a94adfacdd49ca6b445f657c6408e

Analysis

max time kernel
55s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 03:42

Target

SERTRANS AVIS E.T.23.00570 34 KM 7063.exe
Size

877KB
MD5

555f8e6d1e1bf60b8333d3d61d3dcffc
SHA1

89c6a7248ecaa7106ee531da04e7a7f04a2afaa2
SHA256

fe00e119b458a66637943f295177d6763e05f88b8dd6ec9268d8b09763979093
SHA512

94cedeba328f315062e973f41f270a21e586b716ba316191b1e34eb8196caf544911bc9440ba4d6547dcc0a206300f976f3ccb8e279b069723f68bb39447d987
SSDEEP

12288:O9eu4QUqmzouRvfkK10/ngIlubJA7pXUKPpj1RwSD1D/WJ5QblAc6FgMHOygt:O9B4cuRHLkVS8pjTtDQrClp6FFu/

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4720-134-0x00000000022A0000-0x00000000022CC000-memory.dmp	modiloader_stage2

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1228 4720 WerFault.exe SERTRANS AVIS E.T.23.00570 34 KM 7063.exe

pid	pid_target	process	target process
1228	4720	WerFault.exe	SERTRANS AVIS E.T.23.00570 34 KM 7063.exe

C:\Users\Admin\AppData\Local\Temp\SERTRANS AVIS E.T.23.00570 34 KM 7063.exe
"C:\Users\Admin\AppData\Local\Temp\SERTRANS AVIS E.T.23.00570 34 KM 7063.exe"
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 1452
2⤵
- Program crash
PID:1228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4720 -ip 4720
1⤵
PID:2080

memory/4720-133-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/4720-134-0x00000000022A0000-0x00000000022CC000-memory.dmp

Filesize
176KB

Download
memory/4720-136-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download