modiloader | e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3

General

Target

e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3
Size

2KB
Sample

240424-bz6v8adg5z
MD5

82fde340f187a517e0feced1d4972363
SHA1

07740ba4e30a1dbc830451a0d05130ba1af28be9
SHA256

e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3
SHA512

db1630813f3a6e19b9c1bfb6dbaecd3829592230635721df5e2121217bbe2ea2a7594eae7061d5d2ce2baf4bfad5687ce22fa58dba94e8e30b0d7630e872f79c

Score

10^/10

modiloader trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://www.sessosesso.it/assets/aw/yt.hta

Extracted

Language

hta

Source

URLs

hta.dropper

https://www.sessosesso.it/assets/aw/yt.hta

Targets

- Target
  
  e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3
- Size
  
  2KB
- MD5
  
  82fde340f187a517e0feced1d4972363
- SHA1
  
  07740ba4e30a1dbc830451a0d05130ba1af28be9
- SHA256
  
  e900f16dc064f78f6d81fda1dc52a17116d4bb578e6ef528e2f04b3e46b434a3
- SHA512
  
  db1630813f3a6e19b9c1bfb6dbaecd3829592230635721df5e2121217bbe2ea2a7594eae7061d5d2ce2baf4bfad5687ce22fa58dba94e8e30b0d7630e872f79c
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Blocklisted process makes network request

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2