modiloader | e0a7c06a2262bc596a7993a3f24e7834370475e1816f74679d5e5ece79582866 | Triage

Submit
Reports

Overview

overview

Static

static

7

9c7066355b...98.exe

windows7-x64

9c7066355b...98.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9c7066355b87837c2f5bdc5121104698.exe
Size

110KB
Sample

240103-r7gt3aheb2
MD5

9c7066355b87837c2f5bdc5121104698
SHA1

27c33ddc498fa821577e8cd94333d1f239e54980
SHA256

e0a7c06a2262bc596a7993a3f24e7834370475e1816f74679d5e5ece79582866
SHA512

f85fef636dcc2873e589e02748758b2772b99d32357dc836d6513abc51d57e377c18c24f9909ee5017c7dfdc7c1c88cacfe52e35b3c4feabe42dbc02dac96459
SSDEEP

3072:kGqhD8na4N7C+/uGhv7HQ9tuUPGhXXX0cUa7eNXCaK6zfout:dQD8a4RHmMv89MTJXXNMZCaKMoS

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9c7066355b87837c2f5bdc5121104698.exe

Resource

win7-20231215-en

modiloader evasion persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c7066355b87837c2f5bdc5121104698.exe

Resource

win10v2004-20231215-en

modiloader evasion persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  9c7066355b87837c2f5bdc5121104698.exe
- Size
  
  110KB
- MD5
  
  9c7066355b87837c2f5bdc5121104698
- SHA1
  
  27c33ddc498fa821577e8cd94333d1f239e54980
- SHA256
  
  e0a7c06a2262bc596a7993a3f24e7834370475e1816f74679d5e5ece79582866
- SHA512
  
  f85fef636dcc2873e589e02748758b2772b99d32357dc836d6513abc51d57e377c18c24f9909ee5017c7dfdc7c1c88cacfe52e35b3c4feabe42dbc02dac96459
- SSDEEP
  
  3072:kGqhD8na4N7C+/uGhv7HQ9tuUPGhXXX0cUa7eNXCaK6zfout:dQD8a4RHmMv89MTJXXNMZCaKMoS
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy