modiloader | 6ffd546c1fa5b5e0bd0b5be08ef6c7d19efd4eca8de2f523fe23961a53d438d7 | Triage

Submit
Reports

Overview

overview

Static

static

3

c9bac4ac56...9c.exe

windows11-21h2-x64

Resubmissions

21-01-2025 14:23

250121-rqhp2axpfs 10

21-01-2025 14:20

250121-rnp2bsykcp 10

Sharing

General

Target

c9bac4ac565d31203a6de79955a300771c1ee41f72c227bebff984c83eaa409c.zip
Size

583KB
Sample

250121-rnp2bsykcp
MD5

1dd2e3421f983925287282eba147298d
SHA1

b5b090e9d926db672e924498b8bbd78dd0130d89
SHA256

6ffd546c1fa5b5e0bd0b5be08ef6c7d19efd4eca8de2f523fe23961a53d438d7
SHA512

980e149902ef32496ac1e9eb9de6b6588d07379430280b047f943883362fe8c178b695bb105d47cfc1bf1a1cc7d261db5fa928d103d7dcab44ca78eeab361e44
SSDEEP

12288:zxVK0AWuPxmlBll05aiCEWtyYJDRV6+BIOvItLO7PFga6w:zR8xmlBX05pCC8k+B5MODFgE

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c9bac4ac565d31203a6de79955a300771c1ee41f72c227bebff984c83eaa409c.exe

Resource

win11-20241007-en

modiloader discovery persistence trojan

windows11-21h2-x64

20 signatures

900 seconds

Malware Config

Targets

- Target
  
  c9bac4ac565d31203a6de79955a300771c1ee41f72c227bebff984c83eaa409c.exe
- Size
  
  1.1MB
- MD5
  
  4603c75b3b7ae5c693adf7d08dfc72f8
- SHA1
  
  536fbca93073cbc2a19ed9be874086bc3acab2d5
- SHA256
  
  c9bac4ac565d31203a6de79955a300771c1ee41f72c227bebff984c83eaa409c
- SHA512
  
  237927752e93a65c93a6cfdbac6d6499a29c518a316d4fc3b0e6f1d736e84279ae1017e369b2fb0f25fd1970775622d493120a0792902aa6009fd91d5d4a4d81
- SSDEEP
  
  24576:WCcGj5EfZJsVJrjzh4dYEXvVzlFjG31di:Wi8GadRvVR2D
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy