modiloader | fafd0eca0033389b33c6743010aea3a3806768c64510e159144dd13387c1f770 | Triage

Submit
Reports

Overview

overview

Static

static

3

Bank Swift copy.exe

windows7-x64

Bank Swift copy.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

fafd0eca0033389b33c6743010aea3a3806768c64510e159144dd13387c1f770.zip
Size

1003KB
Sample

240224-k4glkafd67
MD5

e9ba4065a74855e57688c181791c1d31
SHA1

970e9bccd3996b4cf1a42aea8db9e79d4de8763c
SHA256

fafd0eca0033389b33c6743010aea3a3806768c64510e159144dd13387c1f770
SHA512

4ff03d5f19d7d4451c2626fee4cb1a8d1f50053bab432d8c15d9a29e199ac68eb3715f9839a693e4fbeeacf3ddd6dd37be99f12956b91a8119aa5ec2b02c9197
SSDEEP

24576:OCxhvaqNJuLWJy2tGFQpoIempJNP1wISjiMFjJx:DNTiWyJFQjzP1wRZj7

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bank Swift copy.exe

Resource

win7-20240221-en

modiloader trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bank Swift copy.exe

Resource

win10v2004-20240221-en

modiloader persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bank Swift copy.exe
- Size
  
  1.7MB
- MD5
  
  c854d0c5426aeec8345f5856abc84c29
- SHA1
  
  9ac17474a7ec53dbb365b1e612be6b1e7c48eb7c
- SHA256
  
  770d33c521f6d3a4bcefff2e106a0f94472110105b57c17bff3cdd25b1dfc489
- SHA512
  
  c3c5f7006367a4fa3a25da847211cb35c40bc963da7e69ce3369900e43fed0a550bf2c22c5717aed936c99b56bfb9cfc97037609114071c5b0389adcc5a71910
- SSDEEP
  
  49152:2uLqn8Y6FlWZ0vH/k3mlXoQq7TuN5udi8ewnXZCz:2uZp/k3mlXoQq+N5uTXZCz
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy