modiloader | de93b6fbaa54d0a901ac347c3cad9cf5d0d70ed99309212be596855533f858e2 | Triage

Submit
Reports

Overview

overview

Static

static

71254592c6...22.exe

windows7-x64

71254592c6...22.exe

windows10-2004-x64

Sharing

General

Target

71254592c6501f0f20f621ee6df40022
Size

1.1MB
Sample

240124-cek9fsfegr
MD5

71254592c6501f0f20f621ee6df40022
SHA1

f3bba6d527d9f17d23ac380fc9e1077f1f38edac
SHA256

de93b6fbaa54d0a901ac347c3cad9cf5d0d70ed99309212be596855533f858e2
SHA512

0d0b65f3d9a798760e4c79fc699677e5ba69260406ba459a9de6b8ed0758fe9c714145ea87c118d44cd513245e0edf47d8b2e2e4b58fcab7498f16679770e63b
SSDEEP

24576:29wY7MN5CJ8LbdxfTM0atqjPshzaX6jjsA712CRrz2nSoOXwVET:ewYob48PntwuPshzaqjjsePFI3OXWE

Score

10^/10

modiloader persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

71254592c6501f0f20f621ee6df40022.exe

Resource

win7-20231215-en

modiloader persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

71254592c6501f0f20f621ee6df40022.exe

Resource

win10v2004-20231215-en

modiloader persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  71254592c6501f0f20f621ee6df40022
- Size
  
  1.1MB
- MD5
  
  71254592c6501f0f20f621ee6df40022
- SHA1
  
  f3bba6d527d9f17d23ac380fc9e1077f1f38edac
- SHA256
  
  de93b6fbaa54d0a901ac347c3cad9cf5d0d70ed99309212be596855533f858e2
- SHA512
  
  0d0b65f3d9a798760e4c79fc699677e5ba69260406ba459a9de6b8ed0758fe9c714145ea87c118d44cd513245e0edf47d8b2e2e4b58fcab7498f16679770e63b
- SSDEEP
  
  24576:29wY7MN5CJ8LbdxfTM0atqjPshzaX6jjsA712CRrz2nSoOXwVET:ewYob48PntwuPshzaqjjsePFI3OXWE
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy