modiloader | b82eb14e16332ed4abdaf6acddf4914e014fd387420c5352b57327a6de138451 | Triage

Submit
Reports

Overview

overview

Static

static

3

5b8ee62453...20.exe

windows7-x64

5b8ee62453...20.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5b8ee624533eb1d03a75434c844d2020
Size

879KB
Sample

240114-w72xfscehm
MD5

5b8ee624533eb1d03a75434c844d2020
SHA1

7e75be02565fa941adb52f285c6011dca1046895
SHA256

b82eb14e16332ed4abdaf6acddf4914e014fd387420c5352b57327a6de138451
SHA512

c200d7d0b155669c9b165b4eb6ac9f4e47c9f280e323b05be3f6ea114e0dda14b5d2b841e932037f67defc18f21c67ae97abd1f4b7d9dc2364f03e1927acd1b0
SSDEEP

24576:AktzYJvF6LiD/iZ4Il10mOgiMSDVEk5Xfax604:AkhovD/iaIU0eVjCxA

Score

10^/10

modiloader evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5b8ee624533eb1d03a75434c844d2020.exe

Resource

win7-20231215-en

modiloader evasion trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b8ee624533eb1d03a75434c844d2020.exe

Resource

win10v2004-20231222-en

modiloader evasion trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b8ee624533eb1d03a75434c844d2020
- Size
  
  879KB
- MD5
  
  5b8ee624533eb1d03a75434c844d2020
- SHA1
  
  7e75be02565fa941adb52f285c6011dca1046895
- SHA256
  
  b82eb14e16332ed4abdaf6acddf4914e014fd387420c5352b57327a6de138451
- SHA512
  
  c200d7d0b155669c9b165b4eb6ac9f4e47c9f280e323b05be3f6ea114e0dda14b5d2b841e932037f67defc18f21c67ae97abd1f4b7d9dc2364f03e1927acd1b0
- SSDEEP
  
  24576:AktzYJvF6LiD/iZ4Il10mOgiMSDVEk5Xfax604:AkhovD/iaIU0eVjCxA
Score

10^/10

modiloader evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ModiLoader Second Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojan

behavioral2

modiloaderevasiontrojan

© 2018-2025

Terms | Privacy