modiloader | f06d83ce130bae96ebfde9adddd0ff1245febf768e6d984b69816b252808ba0c | Triage

Submit
Reports

Overview

overview

Static

static

3

BBRAUN VIE...00.exe

windows7-x64

BBRAUN VIE...00.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

25032024_2123_BBRAUN VIETNAM - RFQ-QT240422703-01 - 3-29-2024-20-00.rar
Size

371KB
Sample

240325-qnbm9sca4v
MD5

72b383c7a876811155a6feb43417f4f5
SHA1

d0eb9e3cb6c0f492d1201817d6082288967501c5
SHA256

f06d83ce130bae96ebfde9adddd0ff1245febf768e6d984b69816b252808ba0c
SHA512

28e3fb8c550c30b2e6175ff291a09e7ca54d18372a6468b527d37655cce411c830d413e5ddc312a7136e5a7acfdda81782606101b2d051437dea33e088b77631
SSDEEP

6144:gIy1XZbywdb9okafs3QD1lq4GSf7WowoxgfVeffDX3GvNxReqRcOCOPlNVrfq6RT:Fy1XZBdb9CIgfGgwNNeffDX3w+Of7VrF

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BBRAUN VIETNAM - RFQ-QT240422703-01 - 3-29-2024-20-00.exe

Resource

win7-20240221-en

modiloader trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

BBRAUN VIETNAM - RFQ-QT240422703-01 - 3-29-2024-20-00.exe

Resource

win10v2004-20240226-en

modiloader persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  BBRAUN VIETNAM - RFQ-QT240422703-01 - 3-29-2024-20-00.exe
- Size
  
  1.0MB
- MD5
  
  bef5602089e49d7df0c2544b887d1e04
- SHA1
  
  cfa99519b6fa66ce8952c205361cf8e2b53b415a
- SHA256
  
  a2c1b716d20b61bc4c57748e1ec195fbac2c5b143cf960d0ffee895160d4b0db
- SHA512
  
  2726f63e7298dbb80a069253ba8645fb527a3c4ae5ff4a02a2a7e3319d5b2f81e5c06c6ea7b18a01bdb6e69251df487610bb2db68adab7e6533e15252ffcf342
- SSDEEP
  
  24576:+PF6DSSEvVi8ds05OTOfYIOBRaR6URr0GDp6erPEM:+PazuAOfh4RaR6URrNpp
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy