modiloader | hxxp://malwaredatabase[.]byethost13[.]com/?i=1

Resubmissions

04-06-2023 11:06

230604-m7tfmsbh99 10

04-06-2023 11:03

230604-m5qxqsce6x 10

Sharing

Copy URL

Twitter E-mail

General

Target

http://malwaredatabase.byethost13.com/?i=1
Sample

230604-m5qxqsce6x

Score

10^/10

modiloader trojan

Malware Config

Targets

- Target
  
  http://malwaredatabase.byethost13.com/?i=1
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

Process spawned unexpected child process

ModiLoader Second Stage

Checks computer location settings

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks

static1

urlscan1

behavioral1