modiloader | 997c304ce3dda0563fb5bf851d70506f0bce08ecb78b52d285e606f3eb4257d4 | Triage

Sharing

General

Target

9d5db49415cf612c38ab7ac6c66fb340N
Size

3.7MB
Sample

240912-jfxgfaycld
MD5

9d5db49415cf612c38ab7ac6c66fb340
SHA1

c8145f49516dc6f0cb56f1d119c7b4b04dd446af
SHA256

997c304ce3dda0563fb5bf851d70506f0bce08ecb78b52d285e606f3eb4257d4
SHA512

d9b85468298ac37ea63cb0d559ccdcda607e20be70fd8e6e3821c6f6ee17115bc54c4ee25f2388a2f99225b25b40770751c983b59f5b47a84f09b0b3c7eff64d
SSDEEP

49152:qiMPHS7dtKUZayY912cBfIYx9lW8SMuPwNHnNCl3k+PynJIFMVP0fp7TVWgZUfQc:2Py76UZLY+NYxX/yxqymqB97UfQc

Score

10^/10

modiloader discovery evasion persistence trojan

Malware Config

Targets

- Target
  
  9d5db49415cf612c38ab7ac6c66fb340N
- Size
  
  3.7MB
- MD5
  
  9d5db49415cf612c38ab7ac6c66fb340
- SHA1
  
  c8145f49516dc6f0cb56f1d119c7b4b04dd446af
- SHA256
  
  997c304ce3dda0563fb5bf851d70506f0bce08ecb78b52d285e606f3eb4257d4
- SHA512
  
  d9b85468298ac37ea63cb0d559ccdcda607e20be70fd8e6e3821c6f6ee17115bc54c4ee25f2388a2f99225b25b40770751c983b59f5b47a84f09b0b3c7eff64d
- SSDEEP
  
  49152:qiMPHS7dtKUZayY912cBfIYx9lW8SMuPwNHnNCl3k+PynJIFMVP0fp7TVWgZUfQc:2Py76UZLY+NYxX/yxqymqB97UfQc
Score

10^/10

modiloader discovery evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionpersistencetrojan

behavioral2

modiloaderdiscoveryevasionpersistencetrojan