modiloader | 918d92897024b2ac7d246330efd02b515b2e7e4a4945403099e60b0085419087 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

533c075672...1e.exe

windows7-x64

533c075672...1e.exe

windows10-2004-x64

Sharing

General

Target

533c075672f2afeb5e996892f2c7d71e
Size

294KB
Sample

240111-l7pl1sdhap
MD5

533c075672f2afeb5e996892f2c7d71e
SHA1

7f8527430d81069286db1629b5d6159320d0b9e2
SHA256

918d92897024b2ac7d246330efd02b515b2e7e4a4945403099e60b0085419087
SHA512

98904ab6f88d4bf65bfb6c05fd520364c1b46669e29e037f2540b5f47b214090dfb7248cadb8dac243fb0c338cc8f809db63499ad1e703991033b090cbe84fe1
SSDEEP

6144:ypBaXF5d5tK+gBUcQ6sHZR9DjS+tz3+GlKo6GbXNOyNHFAlL0m:kEtK+ljZrDjRtDVlKpMXNOypFmIm

Score

10^/10

modiloader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

533c075672f2afeb5e996892f2c7d71e.exe

Resource

win7-20231129-en

modiloader trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

533c075672f2afeb5e996892f2c7d71e.exe

Resource

win10v2004-20231215-en

modiloader trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  533c075672f2afeb5e996892f2c7d71e
- Size
  
  294KB
- MD5
  
  533c075672f2afeb5e996892f2c7d71e
- SHA1
  
  7f8527430d81069286db1629b5d6159320d0b9e2
- SHA256
  
  918d92897024b2ac7d246330efd02b515b2e7e4a4945403099e60b0085419087
- SHA512
  
  98904ab6f88d4bf65bfb6c05fd520364c1b46669e29e037f2540b5f47b214090dfb7248cadb8dac243fb0c338cc8f809db63499ad1e703991033b090cbe84fe1
- SSDEEP
  
  6144:ypBaXF5d5tK+gBUcQ6sHZR9DjS+tz3+GlKo6GbXNOyNHFAlL0m:kEtK+ljZrDjRtDVlKpMXNOypFmIm
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2025

Terms | Privacy