modiloader | a03a19ff39a6663f2b7f4559fb47b1d7504289137418000a1df105bdf6a075a2 | Triage

Submit
Reports

Overview

overview

Static

static

3

20e89aaf29...cs.exe

windows7-x64

20e89aaf29...cs.exe

windows10-2004-x64

Sharing

General

Target

20e89aaf29599624f26798bd75abaa00_NeikiAnalytics.exe
Size

308KB
Sample

240527-gc66csag96
MD5

20e89aaf29599624f26798bd75abaa00
SHA1

bf13485f956bc392ba4794b5143cc66eb235e83b
SHA256

a03a19ff39a6663f2b7f4559fb47b1d7504289137418000a1df105bdf6a075a2
SHA512

45c1645b452700854db08fbdf7ce9e21620d5f71b6c1443b5870a6057138b436c75e656e58969bba03fcc19a822adb2e07cbfec1084b17428ccdbfa23e3763a7
SSDEEP

3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F

Score

10^/10

modiloader persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

20e89aaf29599624f26798bd75abaa00_NeikiAnalytics.exe

Resource

win7-20240221-en

modiloader persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

20e89aaf29599624f26798bd75abaa00_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  20e89aaf29599624f26798bd75abaa00_NeikiAnalytics.exe
- Size
  
  308KB
- MD5
  
  20e89aaf29599624f26798bd75abaa00
- SHA1
  
  bf13485f956bc392ba4794b5143cc66eb235e83b
- SHA256
  
  a03a19ff39a6663f2b7f4559fb47b1d7504289137418000a1df105bdf6a075a2
- SHA512
  
  45c1645b452700854db08fbdf7ce9e21620d5f71b6c1443b5870a6057138b436c75e656e58969bba03fcc19a822adb2e07cbfec1084b17428ccdbfa23e3763a7
- SSDEEP
  
  3072:/c3sBG7mXh7m/zZM3jAbNOM6CNtDCZFL:E3sBz0Z4Mj72F
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy