modiloader | e11e4469c9c003f2b0074deada876e15f30afccae6178c5317e16cf5e6ee1ff6 | Triage

Submit
Reports

Overview

overview

Static

static

1

F.O Pump I...cx.bat

windows7-x64

F.O Pump I...cx.bat

windows10-2004-x64

Sharing

General

Target

F.O Pump Istek,Docx.bat
Size

2.8MB
Sample

241218-shavwstqgp
MD5

0bdc3aeffe000c9c0c73a3faa2d001d8
SHA1

1c8bc96bd0e00b21d734f936aeaea1e612442912
SHA256

e11e4469c9c003f2b0074deada876e15f30afccae6178c5317e16cf5e6ee1ff6
SHA512

6e577ecc9f09a106bfc32f81ece6e3277f3c02622d12205da0d8efbaf5602d86b6556ed2df576bad9de48c7908122d8ae35008c65ad868822b25b6543865fe83
SSDEEP

24576:kH1yveXvtJNwYay5+kiD7Dm5c0B58llll8lUWtWJxM9bhHNfbTXr063u95fX7:kVyGftJ+YawbiS5BBUvzM9bhHNfnXm

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

F.O Pump Istek,Docx.bat

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

F.O Pump Istek,Docx.bat

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  F.O Pump Istek,Docx.bat
- Size
  
  2.8MB
- MD5
  
  0bdc3aeffe000c9c0c73a3faa2d001d8
- SHA1
  
  1c8bc96bd0e00b21d734f936aeaea1e612442912
- SHA256
  
  e11e4469c9c003f2b0074deada876e15f30afccae6178c5317e16cf5e6ee1ff6
- SHA512
  
  6e577ecc9f09a106bfc32f81ece6e3277f3c02622d12205da0d8efbaf5602d86b6556ed2df576bad9de48c7908122d8ae35008c65ad868822b25b6543865fe83
- SSDEEP
  
  24576:kH1yveXvtJNwYay5+kiD7Dm5c0B58llll8lUWtWJxM9bhHNfbTXr063u95fX7:kVyGftJ+YawbiS5BBUvzM9bhHNfnXm
Score

10^/10

modiloader discovery trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy