modiloader | 3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f_JC.exe
Size

744KB
MD5

f4a22575b07f7b4f54d2e2feda6a2717
SHA1

3392435e6c3001174b48042da6a511d2f8b45bbc
SHA256

3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f
SHA512

e8762ebfaa3e1d79fe2bbcd750acc677eec8d9e8defae8c2e3bd63364131a51ca9f65e7b1b43b6f253bce1ffa5c3f1275d34f733f99af0e301ecf5e14baaa2a1
SSDEEP

12288:HHLE4rSOHgTxpMrC2zR4othaTEU+rxFVOt3FYe64QPIOhO1CYuhP:HrKOANKrCzaaT4VuVNQIOhO1UhP

Score

10^/10

modiloader persistence trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 61 IoCs

resource	yara_rule
behavioral2/memory/216-135-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-139-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-140-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-141-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-142-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-143-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-144-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-145-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-146-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-147-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-148-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-149-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-150-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-151-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-152-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-153-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-154-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-156-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-155-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-157-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-158-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-159-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-160-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-161-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-162-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-163-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-164-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-165-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-166-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-167-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-168-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-169-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-170-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-171-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-172-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-173-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-174-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-175-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-176-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-177-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-178-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-179-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-180-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-181-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-182-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-183-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-184-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-185-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-186-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-187-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-188-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-189-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-190-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-191-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-192-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-193-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-194-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-195-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-196-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-198-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2
behavioral2/memory/216-199-0x00000000043E0000-0x0000000004517000-memory.dmp	modiloader_stage2

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gqzfnpjn = "C:\\Users\\Public\\Gqzfnpjn.url"	3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f_JC.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	20	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	22	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
216	3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f_JC.exe
216	3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f_JC.exe

C:\Users\Admin\AppData\Local\Temp\3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f_JC.exe
"C:\Users\Admin\AppData\Local\Temp\3c02e09cd54775bce77b8168dcea023a40f510127ff3ca5cae5557a82597b48f_JC.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/216-133-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/216-135-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-137-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/216-138-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/216-139-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-140-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-141-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-142-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-143-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-144-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-145-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-146-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-147-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-148-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-149-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-150-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-151-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-152-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-153-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-154-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-156-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-155-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-157-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-158-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-159-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-160-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-161-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-162-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-163-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-164-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-165-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-166-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-167-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-168-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-169-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-170-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-171-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-172-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-173-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-174-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-175-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-176-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-177-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-178-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-179-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-180-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-181-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-182-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-183-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-184-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-185-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-186-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-187-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-188-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-189-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-190-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-191-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-192-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-193-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-194-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-195-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-196-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-198-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-199-0x00000000043E0000-0x0000000004517000-memory.dmp

Filesize
1.2MB

Download
memory/216-307-0x0000000053390000-0x00000000536DA000-memory.dmp

Filesize
3.3MB

Download