modiloader | c9385f9be9ce63aada94ced7076bada0b3b46ac3ceef3d55f09d9330a1f07b7b | Triage

Submit
Reports

Overview

overview

Static

static

1

UPDATED_PO...83.chm

windows7-x64

UPDATED_PO...83.chm

windows10-2004-x64

Sharing

General

Target

UPDATED_PO_9587483.chm
Size

75KB
Sample

250121-md8cpsymbx
MD5

be84e4cc5be9f94fa761fc67afa8fe80
SHA1

7d3ef8e6e17a398631896d46458ba6c35f6467da
SHA256

c9385f9be9ce63aada94ced7076bada0b3b46ac3ceef3d55f09d9330a1f07b7b
SHA512

87be82fc1488af34b4eb868ad0628c642259358f229a8370bed02ea27efdccec9ed3def768c17627c3a7cc3cbb447e06e7fa8c565a246244bad2d97d3267bce0
SSDEEP

1536:skQ/2F/Efsls403Pacb99MdsTEnmmqdHB3fmMwIUGlGgOtrI7mI:nQelsVyu5sYb3VOS7mI

Score

10^/10

modiloader defense_evasion discovery execution persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

UPDATED_PO_9587483.chm

Resource

win7-20240708-en

modiloader defense_evasion discovery execution persistence trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

UPDATED_PO_9587483.chm

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery execution trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  UPDATED_PO_9587483.chm
- Size
  
  75KB
- MD5
  
  be84e4cc5be9f94fa761fc67afa8fe80
- SHA1
  
  7d3ef8e6e17a398631896d46458ba6c35f6467da
- SHA256
  
  c9385f9be9ce63aada94ced7076bada0b3b46ac3ceef3d55f09d9330a1f07b7b
- SHA512
  
  87be82fc1488af34b4eb868ad0628c642259358f229a8370bed02ea27efdccec9ed3def768c17627c3a7cc3cbb447e06e7fa8c565a246244bad2d97d3267bce0
- SSDEEP
  
  1536:skQ/2F/Efsls403Pacb99MdsTEnmmqdHB3fmMwIUGlGgOtrI7mI:nQelsVyu5sYb3VOS7mI
Score

10^/10

modiloader defense_evasion discovery execution persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Window

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoveryexecutionpersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoveryexecutiontrojan

© 2018-2025

Terms | Privacy