modiloader | 8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8 | Triage

Submit
Reports

Overview

overview

Static

static

5

8f45f8be86...d8.exe

windows7-x64

5

8f45f8be86...d8.exe

windows10-2004-x64

Sharing

General

Target

8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8
Size

130KB
Sample

250110-exdcns1rhv
MD5

ac061b70f93d1a501b40c2b3510e91ce
SHA1

5b9cd55e2eeb7646d0038a59b947a82f64ac5380
SHA256

8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8
SHA512

536e7edeb04c57bd401a9869a925db36be4315acde8fd449668c170f23d1f0bdeba08ead82618cfbef4b21a02ca04ce75938490294a72eb34d58af980762c528
SSDEEP

1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ5:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKX

Score

10^/10

modiloader discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8.exe

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8
- Size
  
  130KB
- MD5
  
  ac061b70f93d1a501b40c2b3510e91ce
- SHA1
  
  5b9cd55e2eeb7646d0038a59b947a82f64ac5380
- SHA256
  
  8f45f8be860052d275855c87e90c576adb32c197e1154e1abd061b3ba7d75cd8
- SHA512
  
  536e7edeb04c57bd401a9869a925db36be4315acde8fd449668c170f23d1f0bdeba08ead82618cfbef4b21a02ca04ce75938490294a72eb34d58af980762c528
- SSDEEP
  
  1536:eH1ZaQvR1KiX3NK6I+hZhYrt/w5Q6G6IpiRYzz9qJHhhnm0yG5aP/5UROXTmZ5:SKQJcinxphkG5Q6GdpIOkJHhKRyOXKX
Score

10^/10

discovery upx modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy