modiloader | 3cce82eff14a78c73dbc3f64a7abc6476d9b184763a5f6713ce68d6ee8df75f8

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2025, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9802e45a66c963ced0e7c60c899c5cd.exe
Size

1.1MB
MD5

e9802e45a66c963ced0e7c60c899c5cd
SHA1

cd4eee552fb5b4326f5e1bc2d2b16779639d5efb
SHA256

3cce82eff14a78c73dbc3f64a7abc6476d9b184763a5f6713ce68d6ee8df75f8
SHA512

1723dd25dc853d193b4574521b9a0f40e87fa13c2dd74a1d868e8e0d6736ea79c5f0f2896359e555da2da351cbf52b2337956f802e10869eda3c36264143f8b5
SSDEEP

24576:Gw6yj+R7ydItm/2uQAGYDKAVcpzWc4ctu:GDBR2KTYDKArc4Ku

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 61 IoCs

resource	yara_rule
behavioral2/memory/4552-2-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-10-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-18-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-32-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-66-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-64-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-63-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-62-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-61-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-60-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-58-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-57-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-56-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-55-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-54-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-52-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-51-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-50-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-49-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-48-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-46-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-44-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-45-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-43-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-42-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-41-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-39-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-38-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-37-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-34-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-65-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-31-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-59-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-30-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-53-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-27-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-26-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-47-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-24-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-23-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-22-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-21-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-40-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-20-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-19-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-36-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-35-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-33-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-17-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-29-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-16-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-28-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-15-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-25-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-14-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-13-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-12-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-11-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-9-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-7-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2
behavioral2/memory/4552-8-0x0000000002900000-0x0000000003900000-memory.dmp	modiloader_stage2

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e9802e45a66c963ced0e7c60c899c5cd.exe

Script User-Agent 14 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	52	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	18	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	28	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	40	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	42	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	63	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	67	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	48	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	59	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	65	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	61	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	15	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	44	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	50	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Users\Admin\AppData\Local\Temp\e9802e45a66c963ced0e7c60c899c5cd.exe
"C:\Users\Admin\AppData\Local\Temp\e9802e45a66c963ced0e7c60c899c5cd.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4552-0-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4552-1-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-2-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-4-0x0000000000400000-0x0000000000524000-memory.dmp

Filesize
1.1MB

Download
memory/4552-5-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4552-10-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-18-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-32-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-66-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-64-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-63-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-62-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-61-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-60-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-58-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-57-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-56-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-55-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-54-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-52-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-51-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-50-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-49-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-48-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-46-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-44-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-45-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-43-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-42-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-41-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-39-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-38-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-37-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-34-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-65-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-31-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-59-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-30-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-53-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-27-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-26-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-47-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-24-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-23-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-22-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-21-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-40-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-20-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-19-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-36-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-35-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-33-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-17-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-29-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-16-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-28-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-15-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-25-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-14-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-13-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-12-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-11-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-9-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-7-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download
memory/4552-8-0x0000000002900000-0x0000000003900000-memory.dmp

Filesize
16.0MB

Download