modiloader | ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d | Triage

Submit
Reports

Overview

overview

Static

static

1

ad7386998b...4d.cmd

windows7-x64

ad7386998b...4d.cmd

windows10-2004-x64

Sharing

General

Target

ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d.cmd
Size

7.2MB
Sample

240918-bxwx8swdnl
MD5

d5858cf606ef7f5b5005a08b560cd189
SHA1

475e487ee2345eecb94e4f741d752d060c35e0ff
SHA256

ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d
SHA512

a535a2892fdd7cde0e05c691fd0114d44279a70efe03e8851c79d5846edcb45091a09f6a3c1ca220112a6343b3be9ba8c8a6cd8f472addb9c521ecf0763bb7f6
SSDEEP

49152:bi5/QaYmqMijFjB6yaHAd0QNEhTp0Ki1OspQcmItJXi4mqkU5Pq:0

Score

10^/10

modiloader collection credential_access discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d.cmd

Resource

win7-20240708-en

modiloader discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d.cmd

Resource

win10v2004-20240802-en

modiloader collection credential_access discovery persistence stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d.cmd
- Size
  
  7.2MB
- MD5
  
  d5858cf606ef7f5b5005a08b560cd189
- SHA1
  
  475e487ee2345eecb94e4f741d752d060c35e0ff
- SHA256
  
  ad7386998b3eee9d010db1a8a25819eee7e5a6febcdc0e691e0d712e396b2e4d
- SHA512
  
  a535a2892fdd7cde0e05c691fd0114d44279a70efe03e8851c79d5846edcb45091a09f6a3c1ca220112a6343b3be9ba8c8a6cd8f472addb9c521ecf0763bb7f6
- SSDEEP
  
  49152:bi5/QaYmqMijFjB6yaHAd0QNEhTp0Ki1OspQcmItJXi4mqkU5Pq:0
Score

10^/10

modiloader discovery trojan collection credential_access persistence stealer
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloadercollectioncredential_accessdiscoverypersistencestealertrojan

© 2018-2025

Terms | Privacy