modiloader | 4a17c648c620c59257ae30dba30603f8c314e8cd88aa008328ecff4ebdaa8ad3 | Triage

Submit
Reports

Overview

overview

Static

static

3

Airway bil...df.scr

windows7-x64

Airway bil...df.scr

windows10-2004-x64

Sharing

General

Target

Airwaybilldetails-DeliveryreceiptContactFormno_45987165927_10.7z
Size

600KB
Sample

241230-mnes5sxmhz
MD5

55ab3428e33478dfbfb5a8fe74056ec3
SHA1

e0e72e70b0cb088ed9f3883e118522244da763a8
SHA256

4a17c648c620c59257ae30dba30603f8c314e8cd88aa008328ecff4ebdaa8ad3
SHA512

3f610cc805c04e6547ae4939e90b7a4cc49244480f835869a68e63acd2bc4605007462fbf3551cc7d62c6dee160f335713603802caeddd897bccc32e9144e6d8
SSDEEP

12288:n29ObAc/hFsg/nzVW4D4xfdKhuk44wqndlX+nqUOHadYXl8tKBJTdYh2dn6C:2MEcrP/14lyukpwqnzu88Oo26C

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr

Resource

win7-20240903-en

modiloader discovery persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr
- Size
  
  1.3MB
- MD5
  
  09f4f91713bd6588465534822d5ad96c
- SHA1
  
  3b6b69c8709aea821d60248294d52e3cfefecb23
- SHA256
  
  c8e0836b1e1ea4ee7486eb41994ae198cb5f60f460dc4cbefbbabc186329855f
- SHA512
  
  8b6b9ad29f50a6e141c8a3033d0f668abf63207497ec4a8ba469d5ce08a2ab9a93a06c66cc2e57e614a45d0e188eb0a6f5e94e578c3525c127a4e288a494a774
- SSDEEP
  
  24576:9dk7eYEWx0i5VTe5QCQBSt2jKasCr4LUkq0uHyC6q7KubU+7:90eYbSGUelD0uSC6q7bbU+
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy