modiloader | 6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a | Triage

Submit
Reports

Overview

overview

Static

static

6af93ae99c...5a.exe

windows7-x64

6af93ae99c...5a.exe

windows10-2004-x64

Sharing

General

Target

6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
Size

326KB
Sample

240511-278b5agd33
MD5

4d097d238a7302cf85ec13dc37368a94
SHA1

61a7dc09ff73dc7fabbfa16cdd7da0ab49d0c3fa
SHA256

6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
SHA512

59ffe94d939b84aa0e25dca3ce7e29def3a95661f51ab2f06e5173a7ae18c1e6b0056095a9c8724cb68835729a592fcc1632f240b0639793f90d6a22f229122e
SSDEEP

3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8

Score

10^/10

modiloader persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a.exe

Resource

win7-20240221-en

modiloader persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a.exe

Resource

win10v2004-20240226-en

modiloader persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
- Size
  
  326KB
- MD5
  
  4d097d238a7302cf85ec13dc37368a94
- SHA1
  
  61a7dc09ff73dc7fabbfa16cdd7da0ab49d0c3fa
- SHA256
  
  6af93ae99cc69a9c617224c704230f42ade010e43409f8f609774528df13b95a
- SHA512
  
  59ffe94d939b84aa0e25dca3ce7e29def3a95661f51ab2f06e5173a7ae18c1e6b0056095a9c8724cb68835729a592fcc1632f240b0639793f90d6a22f229122e
- SSDEEP
  
  3072:Ie2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38XV:IsxD5cwohO+O1sVG0/pZ6iPC8
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Detects Windows executables referencing non-Windows User-Agents
- ModiLoader Second Stage
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy