modiloader | 60b0ef6574d0a7a30ee5b4fbbf7c1709994e9f3ae276359b8a335930df9dd29c | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.6f331...f9.exe

windows7-x64

7

NEAS.6f331...f9.exe

windows10-2004-x64

Sharing

General

Target

NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe
Size

308KB
Sample

231201-tfw6sadc4t
MD5

6f331f4edfa3feb15f68bb9f9fb15ff9
SHA1

31c86ab64f80518fff5b3a9d824c5e2220b2c466
SHA256

60b0ef6574d0a7a30ee5b4fbbf7c1709994e9f3ae276359b8a335930df9dd29c
SHA512

08e19565b38b034c0912d61264725e7fec2c4c25c0536c6a5408a8a23f27b5ae6f9a24fe091197e72da6d36797c006010d9977cb4a25ddf87bc17db5f53deaf9
SSDEEP

3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

Score

10^/10

modiloader persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe

Resource

win7-20231020-en

persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe

Resource

win10v2004-20231127-en

modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.6f331f4edfa3feb15f68bb9f9fb15ff9.exe
- Size
  
  308KB
- MD5
  
  6f331f4edfa3feb15f68bb9f9fb15ff9
- SHA1
  
  31c86ab64f80518fff5b3a9d824c5e2220b2c466
- SHA256
  
  60b0ef6574d0a7a30ee5b4fbbf7c1709994e9f3ae276359b8a335930df9dd29c
- SHA512
  
  08e19565b38b034c0912d61264725e7fec2c4c25c0536c6a5408a8a23f27b5ae6f9a24fe091197e72da6d36797c006010d9977cb4a25ddf87bc17db5f53deaf9
- SSDEEP
  
  3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Score

10^/10

persistence upx modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy