modiloader | 8b54bfa7b094648f57ba90f5ba9972436dd4083567099fb04c2728155ebbd1e6 | Triage

Submit
Reports

Overview

overview

Static

static

1

Zulu2021_x86_ru.msi

windows7-x64

6

Zulu2021_x86_ru.msi

windows10-2004-x64

Sharing

General

Target

Zulu2021_x86_ru.msi
Size

191.9MB
Sample

240212-ytzw2sdb32
MD5

012d3312727e7cc31b6b5e15ad8fc629
SHA1

06576bc48c6d05e699a1d0e2afc4a7de43bb7ac9
SHA256

8b54bfa7b094648f57ba90f5ba9972436dd4083567099fb04c2728155ebbd1e6
SHA512

94293d85e41ec517b0096c5b68304b6f15cb55320d87492d915efec18ad39478b0fcb1664c4993a237cf6898e098321b5f856bc28bf6a2a455cae7912f17acd1
SSDEEP

3145728:8rTDjpVj1u7IGrUxIxfIScjp0sapPcLIUWb5RpJt7aDkOUJ4rkPhFSULhtY:87jpvu7hruWfOj6s6cLILvpf7wUJ4rkO

Score

10^/10

modiloader evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

Zulu2021_x86_ru.msi

Resource

win7-20231129-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zulu2021_x86_ru.msi

Resource

win10v2004-20231222-en

modiloader evasion trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Zulu2021_x86_ru.msi
- Size
  
  191.9MB
- MD5
  
  012d3312727e7cc31b6b5e15ad8fc629
- SHA1
  
  06576bc48c6d05e699a1d0e2afc4a7de43bb7ac9
- SHA256
  
  8b54bfa7b094648f57ba90f5ba9972436dd4083567099fb04c2728155ebbd1e6
- SHA512
  
  94293d85e41ec517b0096c5b68304b6f15cb55320d87492d915efec18ad39478b0fcb1664c4993a237cf6898e098321b5f856bc28bf6a2a455cae7912f17acd1
- SSDEEP
  
  3145728:8rTDjpVj1u7IGrUxIxfIScjp0sapPcLIUWb5RpJt7aDkOUJ4rkPhFSULhtY:87jpvu7hruWfOj6s6cLILvpf7wUJ4rkO
Score

10^/10

modiloader evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

modiloaderevasiontrojan

© 2018-2024

Terms | Privacy