modiloader | bafc0acf03f6eb95477c8d5e13a5ec135adc113fae864ba93d00415f7902bc34 | Triage

Submit
Reports

Overview

overview

Static

static

7

68b9345518...cs.exe

windows7-x64

68b9345518...cs.exe

windows10-2004-x64

Sharing

General

Target

68b93455187d4d864fb3768962e94350_NeikiAnalytics.exe
Size

90KB
Sample

240618-3y513szbng
MD5

68b93455187d4d864fb3768962e94350
SHA1

04adb31e9e79182b33831cbcb1199d44ca121dae
SHA256

bafc0acf03f6eb95477c8d5e13a5ec135adc113fae864ba93d00415f7902bc34
SHA512

9d58752711785550809993d7341164c7a9f25a09e07d7c69294bb60596dc56341718f43f4b1b45344f6bf9dce6aaee6aaa718df417c73772a56a898e3e1bb15f
SSDEEP

1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y

Score

10^/10

modiloader persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

68b93455187d4d864fb3768962e94350_NeikiAnalytics.exe

Resource

win7-20240611-en

modiloader persistence trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

68b93455187d4d864fb3768962e94350_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

modiloader persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  68b93455187d4d864fb3768962e94350_NeikiAnalytics.exe
- Size
  
  90KB
- MD5
  
  68b93455187d4d864fb3768962e94350
- SHA1
  
  04adb31e9e79182b33831cbcb1199d44ca121dae
- SHA256
  
  bafc0acf03f6eb95477c8d5e13a5ec135adc113fae864ba93d00415f7902bc34
- SHA512
  
  9d58752711785550809993d7341164c7a9f25a09e07d7c69294bb60596dc56341718f43f4b1b45344f6bf9dce6aaee6aaa718df417c73772a56a898e3e1bb15f
- SSDEEP
  
  1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy