modiloader | 26b1f1df386879044711fd6aeba55d6de8590409cd47d09f2b06211199bf00f2 | Triage

Submit
Reports

Overview

overview

Static

static

1

HTTP-FJhT8...i7.exe

windows7-x64

HTTP-FJhT8...i7.exe

windows10-2004-x64

Sharing

General

Target

HTTP-FJhT8v1B1K4X8P3Ui7.exe
Size

465KB
Sample

230309-18btwaae47
MD5

c1dbc7ab29c207faf77a13023149471d
SHA1

999eae41d16e5a2577234193c7621bc17919e9cc
SHA256

26b1f1df386879044711fd6aeba55d6de8590409cd47d09f2b06211199bf00f2
SHA512

22e5b20cb4373afcf3605aea3e860af6a7c75d2a1a740b96599ca681a4919ad9559a79ef32dd260775afa633f575f5f41f028e197a1619a3ace1909355d9d691
SSDEEP

12288:tXTYKKF81SfIetsdIHNYxeglGiT8yg5Ej:tDTq8tItpglG2gaj

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

HTTP-FJhT8v1B1K4X8P3Ui7.exe

Resource

win7-20230220-en

modiloader trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

HTTP-FJhT8v1B1K4X8P3Ui7.exe

Resource

win10v2004-20230220-en

modiloader trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  HTTP-FJhT8v1B1K4X8P3Ui7.exe
- Size
  
  465KB
- MD5
  
  c1dbc7ab29c207faf77a13023149471d
- SHA1
  
  999eae41d16e5a2577234193c7621bc17919e9cc
- SHA256
  
  26b1f1df386879044711fd6aeba55d6de8590409cd47d09f2b06211199bf00f2
- SHA512
  
  22e5b20cb4373afcf3605aea3e860af6a7c75d2a1a740b96599ca681a4919ad9559a79ef32dd260775afa633f575f5f41f028e197a1619a3ace1909355d9d691
- SSDEEP
  
  12288:tXTYKKF81SfIetsdIHNYxeglGiT8yg5Ej:tDTq8tItpglG2gaj
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy