modiloader | b88e4df360ffe7ca76f3993cd0a0caeffea622e1dfeb114a51c3d301bcf90f09

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2023 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc137b673379a46d1a48945e7616e4ad607dfbd1f9778847ed2b4a78f52c9434.exe
Size

37.2MB
MD5

cf88f8e774757b2fe4f478b80d8a7855
SHA1

5679c77c5b4e6e8fcac610aff7d47e58356dc63f
SHA256

fc137b673379a46d1a48945e7616e4ad607dfbd1f9778847ed2b4a78f52c9434
SHA512

3af591b00a2e60e79b7d148898c2bd13bb03d695378930ced8e55e1e5589a89f28b461377486f8272fc663227830b56fccd2843a0581bc55317948868ef7035b
SSDEEP

12288:Cb8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglR:C4ZzML0gN5WXFaK9GoEHf1nAhglR

Score

10^/10

modiloader trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4800-134-0x00000000021C0000-0x00000000021EC000-memory.dmp	modiloader_stage2

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1660 4800 WerFault.exe fc137b673379a46d1a48945e7616e4ad607dfbd1f9778847ed2b4a78f52c9434.exe

pid	pid_target	process	target process
1660	4800	WerFault.exe	fc137b673379a46d1a48945e7616e4ad607dfbd1f9778847ed2b4a78f52c9434.exe

C:\Users\Admin\AppData\Local\Temp\fc137b673379a46d1a48945e7616e4ad607dfbd1f9778847ed2b4a78f52c9434.exe
"C:\Users\Admin\AppData\Local\Temp\fc137b673379a46d1a48945e7616e4ad607dfbd1f9778847ed2b4a78f52c9434.exe"
1⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 1984
2⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4800 -ip 4800
1⤵
PID:4820

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2204

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4800-133-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/4800-134-0x00000000021C0000-0x00000000021EC000-memory.dmp

Filesize
176KB

Download
memory/4800-136-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/4800-147-0x00000000045C0000-0x0000000004768000-memory.dmp

Filesize
1.7MB

Download
memory/4800-148-0x0000000004790000-0x0000000004821000-memory.dmp

Filesize
580KB

Download
memory/4800-150-0x0000000004840000-0x0000000004898000-memory.dmp

Filesize
352KB

Download
memory/4800-151-0x00000000048B0000-0x0000000004928000-memory.dmp

Filesize
480KB

Download
memory/4800-149-0x0000000004830000-0x0000000004838000-memory.dmp

Filesize
32KB

Download
memory/4800-153-0x0000000004940000-0x0000000004968000-memory.dmp

Filesize
160KB

Download
memory/4800-152-0x0000000004930000-0x0000000004940000-memory.dmp

Filesize
64KB

Download
memory/4800-154-0x0000000004970000-0x000000000497E000-memory.dmp

Filesize
56KB

Download
memory/4800-155-0x0000000004980000-0x0000000004988000-memory.dmp

Filesize
32KB

Download
memory/4800-156-0x0000000004990000-0x00000000049A3000-memory.dmp

Filesize
76KB

Download
memory/4800-157-0x0000000004A70000-0x0000000004A9F000-memory.dmp

Filesize
188KB

Download
memory/4800-158-0x0000000004AA0000-0x0000000004AAA000-memory.dmp

Filesize
40KB

Download
memory/4800-159-0x0000000004BF0000-0x0000000004C16000-memory.dmp

Filesize
152KB

Download
memory/4800-160-0x0000000004D70000-0x0000000004D84000-memory.dmp

Filesize
80KB

Download
memory/4800-161-0x0000000004D90000-0x0000000004DA6000-memory.dmp

Filesize
88KB

Download
memory/4800-162-0x0000000004DB0000-0x0000000004E24000-memory.dmp

Filesize
464KB

Download
memory/4800-164-0x0000000004CF0000-0x0000000004D0F000-memory.dmp

Filesize
124KB

Download
memory/4800-163-0x0000000004C70000-0x0000000004C91000-memory.dmp

Filesize
132KB

Download