modiloader | 2023-05-11_dbdf5acc563e3e97284b373829abd5cf_kovter[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2023-05-11_dbdf5acc563e3e97284b373829abd5cf_kovter.exe
Size

362KB
MD5

dbdf5acc563e3e97284b373829abd5cf
SHA1

179571a13a1d4f97adeb85a4269f062438ba36b4
SHA256

b4c233618ba908b70fb900e87d879c4c66686e5f4b8e0ab7752de84b7d50fac1
SHA512

72e9728cfe48dd00136ceac4a11ed97a4f0b8191781bafce5b34d6bdf23d6e135449b3f0cbcb361c0ad321037ae48944a5944682859abe7f190bc3a82974f0ce
SSDEEP

6144:IlE4lZ62gh1Bu5/F4Hmk0gwSGisRnJYW6vRL1muVz/uHyssGvQdqR2Bx:IO4j6PM5t4ogGJQvxuHyivzR2

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader Second Stage 1 IoCs

resource	yara_rule
sample	modiloader_stage2

Modiloader family
modiloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-05-11_dbdf5acc563e3e97284b373829abd5cf_kovter.exe

Files

2023-05-11_dbdf5acc563e3e97284b373829abd5cf_kovter.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ