modiloader | ff0e7f759566d3a866e65871c4643b186b33c348a0975873970c28353e044c27

General

Target

FIFA 16 3DM CRACK.zip
Size

2.2MB
Sample

230401-dbn2lsfe59
MD5

1dbb4d4d88fb1da310c99db4a00d1e9d
SHA1

ef2e1d013723e0bbc91ee03e69586c78558110cd
SHA256

ff0e7f759566d3a866e65871c4643b186b33c348a0975873970c28353e044c27
SHA512

3757f15eda95b2f3d9a136a3262e2e87f7e73eee27347a99bc893ce96c41b84f24dc373e553854aeefb283f555ad9108f11c953b32cf2f42d112bc5cf9f8d962
SSDEEP

49152:tzzgGVnWOW3b52GIpWqgqwHTHI8D0dseqYFkGdnqi6bZajAD6ce6IeUnyYhJ:1dVWOWL5fIp3gpHb3D02eq1+lm6AD6cG

Score

10^/10

Malware Config

Targets

- Target
  
  FIFA 16 3DM CRACK/3dmgame.dll
- Size
  
  2.0MB
- MD5
  
  2cdadd6a0058a31b503e3f7d4ee443b0
- SHA1
  
  a94abece1e73051f196be196209b33dc4e91b591
- SHA256
  
  53517c0f175c1c038dfe5408c28479774ab28a7a4e6e2127e259421b441a9554
- SHA512
  
  b2a4b8b809f096e41a8503f88c5bee35b9b76ba201c690d84b6a20acf3a7da18af17099ebec70b2daed7a57ff6493d90cb9a3a892aea5e37e2d74a2139b5f34a
- SSDEEP
  
  24576:CascjZe+PVi/ynv5uDNf2mU498Lr1pBQPb9Ay1AVKgYiZ3pj3d4pcmnGPbniCM:Y
Score

1^/10
behavioral1
- Target
  
  FIFA 16 3DM CRACK/Launcher.exe
- Size
  
  555KB
- MD5
  
  2024a63bd1c81bb5135fa7089c95fbfc
- SHA1
  
  af90baf2cc304e22c495b9a2fa166f6cdbb47326
- SHA256
  
  9841ded0d28bbc49fe8754c6d5dc5b2deed2884e1e983c0392e2aca5e68743bc
- SHA512
  
  ff52c2a0588732efb99ba54efc9516423ea784cbc5714391db7fb1952786e96bcc8326d13d7caa49d1664771c5d332942630f59471033e714fea67910873a46a
- SSDEEP
  
  12288:5tLXhxSn9COKFjiZOZoCfWxDLuknpa2bUEpYaxwy0ezQz2:5/8/iPufuyvwEey0zC
Score

10^/10

modiloader discovery evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral2
- Target
  
  FIFA 16 3DM CRACK/Origin.Games.Reg.Tools.v2.0-3DM.exe
- Size
  
  749KB
- MD5
  
  f9fda76ceaa6995a01896350b80856f3
- SHA1
  
  da086af1810444115008c6ed7f43a19e62f1f155
- SHA256
  
  ed5a340995cf850ec40862a028e55e1e1a7cd8a10ecb593bd996ea533b940a3e
- SHA512
  
  0882e65784ac0de905177033fcfb7b3e715f27960f32d76a6cde30ccda7e6d253b41e5b6adb313502d3de32f4720b6f5dffa0efdcec0adfd22f067cab98285d4
- SSDEEP
  
  12288:RtLXhAfaEn9COKFjj7yvRkVpxAj6FXKDck1oIbIjEz4WYSHW+e22iZnnmr8WW/4i:R/Afag/my+zW6F456IVMS2+eStmoT/4i
Score

10^/10

modiloader discovery evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral3