modiloader | 34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626c | Triage

Submit
Reports

Overview

overview

Static

static

5

34449d8a28...cN.exe

windows7-x64

34449d8a28...cN.exe

windows10-2004-x64

Sharing

General

Target

34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626cN
Size

90KB
Sample

240930-csvp2sxbra
MD5

0a3159fa7f6a1cf921ec8d2838abaa00
SHA1

daadb49d645ca47576f7981b4a7030444291a395
SHA256

34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626c
SHA512

145645eecd75f149a4b223ebcf6331f5776916e6b2813f45c0dbadda544b2178bb9f92fc556c70819894dd2cbe0016e467e58a9953adf9d5448f91c6786154e9
SSDEEP

1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y

Score

10^/10

modiloader discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626cN.exe

Resource

win7-20240708-en

modiloader discovery persistence trojan upx

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626cN.exe

Resource

win10v2004-20240802-en

modiloader discovery persistence trojan upx

windows10-2004-x64

12 signatures

120 seconds

Malware Config

Targets

- Target
  
  34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626cN
- Size
  
  90KB
- MD5
  
  0a3159fa7f6a1cf921ec8d2838abaa00
- SHA1
  
  daadb49d645ca47576f7981b4a7030444291a395
- SHA256
  
  34449d8a28c71115db526cca22e36b82eac334c08a291f8545b359c007a5626c
- SHA512
  
  145645eecd75f149a4b223ebcf6331f5776916e6b2813f45c0dbadda544b2178bb9f92fc556c70819894dd2cbe0016e467e58a9953adf9d5448f91c6786154e9
- SSDEEP
  
  1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y
Score

10^/10

modiloader discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojanupx

behavioral2

modiloaderdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy