modiloader | 6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf | Triage

Submit
Reports

Overview

overview

Static

static

3

ce9417db64...cs.exe

windows7-x64

ce9417db64...cs.exe

windows10-2004-x64

Sharing

General

Target

ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics
Size

35KB
Sample

240514-vlwmwafg36
MD5

ce9417db64112d36f1d37ae65e499be0
SHA1

05f2e7b62266060d9dbc8c3cb324faedb4b9c6de
SHA256

6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf
SHA512

0e2b9f308973eaacaf5e1e5bb53bea461e39fd993df802cb736af0680057ee8a276de8f31a06d8e017a5e0c0f922dd2fefd0aa09cddc1825e29ead98938c0120
SSDEEP

768:gTQ2WueGXbvqpBG2VVaa+FaaY0WOy5v7M73G/LyEllVTB:kQ2cwbKQYVx+8apYv7uoLhlVTB

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe

Resource

win7-20240221-en

modiloader trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

modiloader persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ce9417db64112d36f1d37ae65e499be0_NeikiAnalytics
- Size
  
  35KB
- MD5
  
  ce9417db64112d36f1d37ae65e499be0
- SHA1
  
  05f2e7b62266060d9dbc8c3cb324faedb4b9c6de
- SHA256
  
  6701a519dca5bfe80c0db302f50c0edb67bdb48f3feb2569e19eae2c1c9d6cbf
- SHA512
  
  0e2b9f308973eaacaf5e1e5bb53bea461e39fd993df802cb736af0680057ee8a276de8f31a06d8e017a5e0c0f922dd2fefd0aa09cddc1825e29ead98938c0120
- SSDEEP
  
  768:gTQ2WueGXbvqpBG2VVaa+FaaY0WOy5v7M73G/LyEllVTB:kQ2cwbKQYVx+8apYv7uoLhlVTB
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy