modiloader | ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Nbvkrvfanxfmla.exe

windows7-x64

Nbvkrvfanxfmla.exe

windows10-2004-x64

Sharing

General

Target

Nbvkrvfanxfmla.exe
Size

899KB
Sample

230531-kd9vesec21
MD5

6afa6592e709e8a3bd291d579ee140b0
SHA1

c45d7695612191c4630825759d1ee90efeb5f63c
SHA256

ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66
SHA512

bdfb0e2d89089f8ec019e8b23687de9d0bb9f45b6194631f73df6def6698058187071da0300502ea4df566e46b1f1b02244b1dc0bae0a7801090886f9d992c91
SSDEEP

12288:H7uk7C8LDMu42r0Dyo6Te5rf1C7nh5YaGNr23ax56pw1MJf:HC52r0WorR4Dw23i+w1

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Nbvkrvfanxfmla.exe

Resource

win7-20230220-en

modiloader trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nbvkrvfanxfmla.exe

Resource

win10v2004-20230220-en

modiloader persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  Nbvkrvfanxfmla.exe
- Size
  
  899KB
- MD5
  
  6afa6592e709e8a3bd291d579ee140b0
- SHA1
  
  c45d7695612191c4630825759d1ee90efeb5f63c
- SHA256
  
  ad5131dfaba269367d500cd343ccc1956434b4cb21c2fcd163545c433deded66
- SHA512
  
  bdfb0e2d89089f8ec019e8b23687de9d0bb9f45b6194631f73df6def6698058187071da0300502ea4df566e46b1f1b02244b1dc0bae0a7801090886f9d992c91
- SSDEEP
  
  12288:H7uk7C8LDMu42r0Dyo6Te5rf1C7nh5YaGNr23ax56pw1MJf:HC52r0WorR4Dw23i+w1
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy