modiloader | a691aa20791fe3b50c0b797b8a2939e505f8e92fef2661738359df582b4ddbc0 | Triage

Submit
Reports

Overview

overview

Static

static

1

saw.bat

windows7-x64

7

saw.bat

windows10-2004-x64

Sharing

General

Target

saw.bat
Size

3.1MB
Sample

241129-h52a9asnez
MD5

1bfba49c6fe199c29d2157f1c80fa1e3
SHA1

10e2e65847e30bc33009ae0469888d331e5aa7fe
SHA256

a691aa20791fe3b50c0b797b8a2939e505f8e92fef2661738359df582b4ddbc0
SHA512

dc10f9a61ef08fe9e395037be5c5d9d9dcb6f6360f75afa2a2f70db412230d9d4fe9a2c1065e270d326663944a6fb81547a44dec1d17655637e1547be9cf6eee
SSDEEP

24576:xxwRiELFSEl5Qv6iP6Vcy5z/K3EzuwTZ9b8063u9CqNaTBAOI3c8zhq4zoc8hnKP:xGR5SEfQZ695bJZfNMADq48c8hn94Z

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

saw.bat

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

saw.bat

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  saw.bat
- Size
  
  3.1MB
- MD5
  
  1bfba49c6fe199c29d2157f1c80fa1e3
- SHA1
  
  10e2e65847e30bc33009ae0469888d331e5aa7fe
- SHA256
  
  a691aa20791fe3b50c0b797b8a2939e505f8e92fef2661738359df582b4ddbc0
- SHA512
  
  dc10f9a61ef08fe9e395037be5c5d9d9dcb6f6360f75afa2a2f70db412230d9d4fe9a2c1065e270d326663944a6fb81547a44dec1d17655637e1547be9cf6eee
- SSDEEP
  
  24576:xxwRiELFSEl5Qv6iP6Vcy5z/K3EzuwTZ9b8063u9CqNaTBAOI3c8zhq4zoc8hnKP:xGR5SEfQZ695bJZfNMADq48c8hn94Z
Score

10^/10

discovery modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy