Extracted

• • Target

    9e21262444644ed806b67c9c21bb89e8e5579ab1ef596ad08632bf744784f2ef

  • Size

    270KB

  • MD5

    92224916dece7e83fe34e50756dc866b

  • SHA1

    ce1221fd9fd4f2373d1b2a69bcff3480da35ad23

  • SHA256

    9e21262444644ed806b67c9c21bb89e8e5579ab1ef596ad08632bf744784f2ef

  • SHA512

    f7beb58ae58662eba921e3f0c82b225417f3ab2970ae58050630fd336fddc64b68350dc33ca99405157fa50711f08155dac590e1fe6cdf39b6a81fe3898424be

  • SSDEEP

    6144:apFZywoS9KT/qXAtzF5jaaFqgDfZstH1Sb:8ZdPKXjaaFqist4b

  Score

  10^/10

  modiloadernjratاختراق الواي فايdiscoveryevasionpersistenceprivilege_escalationtrojan

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • ModiLoader Second Stage

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2