modiloader | 367825ee9ba73d84036b0909e07205295077297294d7f5b944e8017d0a49a243 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

NEAS.f4789...JC.exe

windows7-x64

NEAS.f4789...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe
Size

326KB
Sample

231104-m3jqmsgd7y
MD5

f4789d1b87490b9424ca6c0186324320
SHA1

4d439646a9f1a476db03ba837a6c09d096b33aaf
SHA256

367825ee9ba73d84036b0909e07205295077297294d7f5b944e8017d0a49a243
SHA512

190d46e710610e2e3b147330f794adbbd2215498bcc3c6aa266cc3c8f7d33da87e93215a56e0379e8018b86c83bbe109a870a7e67a3cabffc057d7d510edabd3
SSDEEP

3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8

Score

10^/10

modiloader persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe

Resource

win7-20231020-en

modiloader persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe

Resource

win10v2004-20231020-en

modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.f4789d1b87490b9424ca6c0186324320_JC.exe
- Size
  
  326KB
- MD5
  
  f4789d1b87490b9424ca6c0186324320
- SHA1
  
  4d439646a9f1a476db03ba837a6c09d096b33aaf
- SHA256
  
  367825ee9ba73d84036b0909e07205295077297294d7f5b944e8017d0a49a243
- SHA512
  
  190d46e710610e2e3b147330f794adbbd2215498bcc3c6aa266cc3c8f7d33da87e93215a56e0379e8018b86c83bbe109a870a7e67a3cabffc057d7d510edabd3
- SSDEEP
  
  3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2025

Terms | Privacy