modiloader | 9d71b356bc7e51729a4726433111be12297dd9403a82cff2e20902944c0af748

Analysis

max time kernel
173s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:13

Target

113fa30db915f15d04bef29a5bf2b366.exe
Size

700KB
MD5

113fa30db915f15d04bef29a5bf2b366
SHA1

5a8f50b7679e947f44db2943307f947e7e26da8c
SHA256

9d71b356bc7e51729a4726433111be12297dd9403a82cff2e20902944c0af748
SHA512

f11696886fe9ec38f6615d015ac39c3069bf667bc53155cea789ae7c89b9dd45bbfc55741910655273f10b5991c3964926cc9ebe823751de785ca1bd1697708d
SSDEEP

12288:Qnmur/blGbyqcvwNiUsK469hkEc/sQjlHNnsKRYc4V:Qm0cbyqc4Nj3kEjQjVNvYLV

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 4 IoCs

resource	yara_rule
behavioral2/memory/1172-1-0x0000000000400000-0x00000000004B6000-memory.dmp	modiloader_stage2
behavioral2/memory/1172-2-0x0000000000400000-0x00000000004B6000-memory.dmp	modiloader_stage2
behavioral2/memory/1172-4-0x0000000000800000-0x000000000081B000-memory.dmp	modiloader_stage2
behavioral2/memory/1172-11-0x0000000000400000-0x00000000004B6000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\113fa30db915f15d04bef29a5bf2b366.exe
"C:\Users\Admin\AppData\Local\Temp\113fa30db915f15d04bef29a5bf2b366.exe"
1⤵
PID:1172

memory/1172-0-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1172-1-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1172-2-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/1172-4-0x0000000000800000-0x000000000081B000-memory.dmp

Filesize
108KB

Download
memory/1172-10-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1172-11-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download