modiloader | 05b01f6a18298bc80bc18f96ae1fdb7c1d9f6c6740e5f1a718dc0d71c9bd420d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

b76aa10649...bd.exe

windows7-x64

b76aa10649...bd.exe

windows10-2004-x64

7

Sharing

General

Target

b76aa106494692b9824f6a18c2e98abd
Size

626KB
Sample

240306-pthhbsah3y
MD5

b76aa106494692b9824f6a18c2e98abd
SHA1

0b1a0259c1e391a92724de96d8ace897a78c510d
SHA256

05b01f6a18298bc80bc18f96ae1fdb7c1d9f6c6740e5f1a718dc0d71c9bd420d
SHA512

987cf4ceb2a087e33fa4b1a907a20d56400ed893db7b28741f876b777f90eaacc15539655cd568a669009f1b94193947e99b86f1e458541d659171e52d83f0bb
SSDEEP

12288:16CcVhS4u/51Kvcz6L93SOO11heOzC3gAJ5VYatJ9xqvNSHTV:1Vihs/51fGLmeNgAJkav+Ngx

Score

10^/10

modiloader evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b76aa106494692b9824f6a18c2e98abd.exe

Resource

win7-20240221-en

modiloader evasion trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b76aa106494692b9824f6a18c2e98abd.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  b76aa106494692b9824f6a18c2e98abd
- Size
  
  626KB
- MD5
  
  b76aa106494692b9824f6a18c2e98abd
- SHA1
  
  0b1a0259c1e391a92724de96d8ace897a78c510d
- SHA256
  
  05b01f6a18298bc80bc18f96ae1fdb7c1d9f6c6740e5f1a718dc0d71c9bd420d
- SHA512
  
  987cf4ceb2a087e33fa4b1a907a20d56400ed893db7b28741f876b777f90eaacc15539655cd568a669009f1b94193947e99b86f1e458541d659171e52d83f0bb
- SSDEEP
  
  12288:16CcVhS4u/51Kvcz6L93SOO11heOzC3gAJ5VYatJ9xqvNSHTV:1Vihs/51fGLmeNgAJkav+Ngx
Score

10^/10

modiloader evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasiontrojan

behavioral2

© 2018-2025

Terms | Privacy