modiloader | infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

infected.zip
Size

128.3MB
MD5

0436cdb5fe944a36e37ef4e493460c2b
SHA1

d778fdaae0c8e2533695a01ab27636bd98e5c876
SHA256

1b175d4ebb42ce316f2cfd00719ed74af50b59aa4e5efd6667d89295e4817ae2
SHA512

71b7a53ca1953de545f046dd280d3c05b82e66fe123feed3f3484a419082275926b9adcf4a9339c3c05b00877f037053b371617d9064177823d8f9fda62488e7
SSDEEP

3145728:fWBI7I4XljXTkzurmMb/DfA3ZE5B/HWayjU1ARM7anZ+l3YRbW+kY:fmGIwljX9Prc8Bxju+loRK+l

Score

10^/10

modiloader

Malware Config

Signatures

ModiLoader First Stage 1 IoCs

resource	yara_rule
static1/unpack001/Se-up.exe	modiloader_stage1

Modiloader family
modiloader

Files

infected.zip
.zip
Se-up.exe
.exe windows:4 windows x86 arch:x86

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:aa:1d:36:69:c1:0a:61:7e:12:e3:86:ec:62:f7:f7
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

03-04-2024 00:00

Not After

03-04-2027 23:59

Subject

SERIALNUMBER=05901601,CN=FireDaemon Technologies Limited,O=FireDaemon Technologies Limited,ST=Suffolk,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15-01-2024 00:00

Not After

14-04-2035 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22-03-2021 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

95:fd:41:3c:1b:43:cc:b3:ec:16:8c:6a:0a:c1:ee:e5:ac:25:0a:c6:e3:24:53:07:fe:48:0b:b1:fd:74:aa:bd
Signer

Actual PE Digest

95:fd:41:3c:1b:43:cc:b3:ec:16:8c:6a:0a:c1:ee:e5:ac:25:0a:c6:e3:24:53:07:fe:48:0b:b1:fd:74:aa:bd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

72:aa:1d:36:69:c1:0a:61:7e:12:e3:86:ec:62:f7:f7Certificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

95:fd:41:3c:1b:43:cc:b3:ec:16:8c:6a:0a:c1:ee:e5:ac:25:0a:c6:e3:24:53:07:fe:48:0b:b1:fd:74:aa:bdSigner

Headers

File Characteristics

Sections

CODE Size: 1.3MB - Virtual size: 1.3MB

DATA Size: 28KB - Virtual size: 28KB

BSS Size: - Virtual size: 6KB

.idata Size: 13KB - Virtual size: 12KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 84KB - Virtual size: 84KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

72:aa:1d:36:69:c1:0a:61:7e:12:e3:86:ec:62:f7:f7
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

95:fd:41:3c:1b:43:cc:b3:ec:16:8c:6a:0a:c1:ee:e5:ac:25:0a:c6:e3:24:53:07:fe:48:0b:b1:fd:74:aa:bd
Signer

CODE
Size: 1.3MB - Virtual size: 1.3MB

DATA
Size: 28KB - Virtual size: 28KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 13KB - Virtual size: 12KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB