modiloader | d254e9256ab7b8439bc8ea8cd4dde4ea5100c33449cf9f0a8bc1f0b3e91818ea | Triage

Submit
Reports

Overview

overview

Static

static

3

9b0df12dd9...69.exe

windows7-x64

9b0df12dd9...69.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9b0df12dd9d6e7f5dc6ddb8ea4b42769
Size

728KB
Sample

240214-hrlcwadb76
MD5

9b0df12dd9d6e7f5dc6ddb8ea4b42769
SHA1

8cb79063c40133c0f8ae4215594ae0f2ba63ef05
SHA256

d254e9256ab7b8439bc8ea8cd4dde4ea5100c33449cf9f0a8bc1f0b3e91818ea
SHA512

54bc897b2e62e5a1dae32ca435b73b48aa33a372329d05ecb6b2bba5e05c482f7383e1f345353c08ab1f7b6fa31336a863cf0eb19491633627a3cddc344e0565
SSDEEP

12288:KOwQpo7YNQ8LPxez8dFlZqB5UG8HUxjRydmKcF+YM2WJePxM7fbItbNHK6LLf:KOwpwQfz+8MHUxym1+RAPxM7ObNqWf

Score

10^/10

modiloader evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9b0df12dd9d6e7f5dc6ddb8ea4b42769.exe

Resource

win7-20231215-en

modiloader evasion trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b0df12dd9d6e7f5dc6ddb8ea4b42769.exe

Resource

win10v2004-20231222-en

modiloader evasion trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b0df12dd9d6e7f5dc6ddb8ea4b42769
- Size
  
  728KB
- MD5
  
  9b0df12dd9d6e7f5dc6ddb8ea4b42769
- SHA1
  
  8cb79063c40133c0f8ae4215594ae0f2ba63ef05
- SHA256
  
  d254e9256ab7b8439bc8ea8cd4dde4ea5100c33449cf9f0a8bc1f0b3e91818ea
- SHA512
  
  54bc897b2e62e5a1dae32ca435b73b48aa33a372329d05ecb6b2bba5e05c482f7383e1f345353c08ab1f7b6fa31336a863cf0eb19491633627a3cddc344e0565
- SSDEEP
  
  12288:KOwQpo7YNQ8LPxez8dFlZqB5UG8HUxjRydmKcF+YM2WJePxM7fbItbNHK6LLf:KOwpwQfz+8MHUxym1+RAPxM7ObNqWf
Score

10^/10

modiloader evasion trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojanupx

behavioral2

modiloaderevasiontrojanupx

© 2018-2025

Terms | Privacy