modiloader | 58cbbec7b9e8e77be07b2ab77343c5ea23afff14d285da2eae8362f516a69149

Analysis

max time kernel
241s
max time network
283s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01-12-2023 15:09

Target

6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3.exe
Size

3.3MB
MD5

341e6118300427eff58d3da5f1b9b4b7
SHA1

26e236c308fd8b7f6a6fec3dd2790e039ecbb7e7
SHA256

6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3
SHA512

4348b7db8be86211ef41f58b4fc5c16c527c4015947e29e409c2174caaa23a2010b81256d31a7e1b5a93f270c725efa58f307f515a7cb858c37c1a657998934a
SSDEEP

98304:4IRh2HdK1x9Z2EpfJJKHco8GuBdHoMgY8TUK8onkyUlE:4x81x9Z2d3iRoMCwK8onDUlE

Score

10^/10

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader First Stage 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3044-3-0x0000000000400000-0x00000000008FE000-memory.dmp	modiloader_stage1

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000400000-0x00000000008FE000-memory.dmp	upx
behavioral1/memory/3044-1-0x0000000000400000-0x00000000008FE000-memory.dmp	upx
behavioral1/memory/3044-3-0x0000000000400000-0x00000000008FE000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3.exe
"C:\Users\Admin\AppData\Local\Temp\6df93ced6c976c448553f7abaf828e4d02f121eedcc47134036062a4151d4bc3.exe"
1⤵
PID:3044

memory/3044-0-0x0000000000400000-0x00000000008FE000-memory.dmp

Filesize
5.0MB

Download
memory/3044-1-0x0000000000400000-0x00000000008FE000-memory.dmp

Filesize
5.0MB

Download
memory/3044-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3044-3-0x0000000000400000-0x00000000008FE000-memory.dmp

Filesize
5.0MB

Download