modiloader | bb36209f6fa2bdef3230fb94d29c17cec59e5b5dfcbcf11945fe1688207c65f2 | Triage

Submit
Reports

Overview

overview

Static

static

1

Payment_032.xls

windows7-x64

Payment_032.xls

windows10-2004-x64

1

Sharing

General

Target

Payment_032.xls
Size

307KB
Sample

240423-xylpjsbb35
MD5

6aa1dfb11347b5e8dd830ada6be5cbcc
SHA1

54b5ed4e37695e982e3edccdc8071d6327451b75
SHA256

bb36209f6fa2bdef3230fb94d29c17cec59e5b5dfcbcf11945fe1688207c65f2
SHA512

dfacec24132f80dc73c795242ab8fac37d645f0cdc34e2a185ab7afd5f8af721a269bede6eb49ed61de4aab9bbd04ff311e68fd6158ee57064887952cab44436
SSDEEP

6144:ZvAunhXYeY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVmGMIIMBQP6sLRaivIH:ZvZhXY33bVmGMIIjPrR773qDhWa

Score

10^/10

modiloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment_032.xls

Resource

win7-20231129-en

modiloader trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment_032.xls

Resource

win10v2004-20240412-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Payment_032.xls
- Size
  
  307KB
- MD5
  
  6aa1dfb11347b5e8dd830ada6be5cbcc
- SHA1
  
  54b5ed4e37695e982e3edccdc8071d6327451b75
- SHA256
  
  bb36209f6fa2bdef3230fb94d29c17cec59e5b5dfcbcf11945fe1688207c65f2
- SHA512
  
  dfacec24132f80dc73c795242ab8fac37d645f0cdc34e2a185ab7afd5f8af721a269bede6eb49ed61de4aab9bbd04ff311e68fd6158ee57064887952cab44436
- SSDEEP
  
  6144:ZvAunhXYeY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVmGMIIMBQP6sLRaivIH:ZvZhXY33bVmGMIIjPrR773qDhWa
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

© 2018-2024

Terms | Privacy