modiloader | 136e0e4fcf5848ee7cd89cb7a9e8e2dd31fab80eb76387941255097c5fc719bc | Triage

Submit
Reports

Overview

overview

Static

static

3

Swift_Bank_Usd.rar

windows7-x64

1

Swift_Bank_Usd.rar

windows10-2004-x64

1

Swift_Bank_Usd.exe

windows7-x64

3

Swift_Bank_Usd.exe

windows10-2004-x64

Sharing

General

Target

Swift_Bank_Usd.rar
Size

525KB
Sample

250123-mjl2nawndw
MD5

d7023a88b083870c3ea06b1e54097626
SHA1

c37e07c102b646eabec016d9aa3a0a092dd682e7
SHA256

136e0e4fcf5848ee7cd89cb7a9e8e2dd31fab80eb76387941255097c5fc719bc
SHA512

8b29f3a35704e27c0561307a15656f5437bfc47b0a2400783c7035016b9aecf8b63a6c82e19be61dbce4d6c73d98072c9020e934f3297e6b3d6eaa19b343d785
SSDEEP

12288:NsonOsbO0mRjpVddE+g3icSh8B6lBHaDkIuWIO:N5nOsqJ9gScC8BAQNF

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Swift_Bank_Usd.rar

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Swift_Bank_Usd.rar

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Swift_Bank_Usd.exe

Resource

win7-20240708-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

Swift_Bank_Usd.exe

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Swift_Bank_Usd.rar
- Size
  
  525KB
- MD5
  
  d7023a88b083870c3ea06b1e54097626
- SHA1
  
  c37e07c102b646eabec016d9aa3a0a092dd682e7
- SHA256
  
  136e0e4fcf5848ee7cd89cb7a9e8e2dd31fab80eb76387941255097c5fc719bc
- SHA512
  
  8b29f3a35704e27c0561307a15656f5437bfc47b0a2400783c7035016b9aecf8b63a6c82e19be61dbce4d6c73d98072c9020e934f3297e6b3d6eaa19b343d785
- SSDEEP
  
  12288:NsonOsbO0mRjpVddE+g3icSh8B6lBHaDkIuWIO:N5nOsqJ9gScC8BAQNF
Score

1^/10
behavioral1 behavioral2
- Target
  
  Swift_Bank_Usd.exe
- Size
  
  1.3MB
- MD5
  
  e1c02c1d4632b25e53d62d7c93ec6888
- SHA1
  
  f0818dbc450af307a2e353d7de6a5b42c95264d7
- SHA256
  
  a3d49aa02f3249b3a41dae94f3b181a205b954e8ad7e4acc1bccf7de535b8c6f
- SHA512
  
  a20c7d5615cbad44151d76f35e6d38f55095ee77be2ccbdcdfde0544f83ecaa15b274676158526fbc6cadd1b7dece9b23f0dea161cceb9cbb4fdfc650c714240
- SSDEEP
  
  24576:JUWe1lsIh7u57Mhl0Siz+h4dYEXvVzlFjG31di:JClztlpiz+adRvVR2D
Score

10^/10

discovery modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy