modiloader | d892a84a725b9756f0e155d7e0e89dc4dd6871ed09c381a8df5fecef4152d1f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

6ff1268d51...79.exe

windows7-x64

6ff1268d51...79.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6ff1268d51431cadf2f47c3ec5916879
Size

577KB
Sample

240122-wh9wrsbfgr
MD5

6ff1268d51431cadf2f47c3ec5916879
SHA1

f104be510bccf61320e2d21209d9e93e62439b61
SHA256

d892a84a725b9756f0e155d7e0e89dc4dd6871ed09c381a8df5fecef4152d1f8
SHA512

747a82a44ffb730e0be11be6afd717d61578484aaad42aedc5fbe52d1d973d0d2041687273f605abbce8ca826b45407a02b166b0aec2e6a484f5299a362b14d6
SSDEEP

12288:F4FG8VIGj1D+cvxrh9AYkTNhwv0F3Z4mxxODqVTVOCJ:F4FG879V10QmXdVTzJ

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6ff1268d51431cadf2f47c3ec5916879.exe

Resource

win7-20231215-en

modiloader persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ff1268d51431cadf2f47c3ec5916879.exe

Resource

win10v2004-20231222-en

modiloader persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ff1268d51431cadf2f47c3ec5916879
- Size
  
  577KB
- MD5
  
  6ff1268d51431cadf2f47c3ec5916879
- SHA1
  
  f104be510bccf61320e2d21209d9e93e62439b61
- SHA256
  
  d892a84a725b9756f0e155d7e0e89dc4dd6871ed09c381a8df5fecef4152d1f8
- SHA512
  
  747a82a44ffb730e0be11be6afd717d61578484aaad42aedc5fbe52d1d973d0d2041687273f605abbce8ca826b45407a02b166b0aec2e6a484f5299a362b14d6
- SSDEEP
  
  12288:F4FG8VIGj1D+cvxrh9AYkTNhwv0F3Z4mxxODqVTVOCJ:F4FG879V10QmXdVTzJ
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy