modiloader | f4515e37cb825f98a02a4e2c74086fcdead45fd4358fcd461b894c00bdc44922 | Triage

Submit
Reports

Overview

overview

Static

static

3

BANK_SWIFT_USD.exe

windows7-x64

3

BANK_SWIFT_USD.exe

windows10-2004-x64

Sharing

General

Target

nBANK_SWIFT_USD.tar
Size

521KB
Sample

250123-nrpyysymdx
MD5

d9a4a241b54644f3f416dd18cab40641
SHA1

035056dd4e94c480eb0aaf9b95ffa70b64335181
SHA256

f4515e37cb825f98a02a4e2c74086fcdead45fd4358fcd461b894c00bdc44922
SHA512

291965d629e3763fb9e7dce7a94ac6671488e16aa8a5640ef049e1d23dbef0509c17cb5acb4c8f42c28d69a396c0c75d1bd9ac0ce62d9448215a2b9ee6823ecb
SSDEEP

12288:DLCbQsUIsEY1DNetynX02pIBtAO5NtzaWGXgNd6DWlic:DubxUIaWynEnt15NlIzWYc

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

BANK_SWIFT_USD.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

BANK_SWIFT_USD.exe

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  BANK_SWIFT_USD.exe
- Size
  
  1.3MB
- MD5
  
  e1c02c1d4632b25e53d62d7c93ec6888
- SHA1
  
  f0818dbc450af307a2e353d7de6a5b42c95264d7
- SHA256
  
  a3d49aa02f3249b3a41dae94f3b181a205b954e8ad7e4acc1bccf7de535b8c6f
- SHA512
  
  a20c7d5615cbad44151d76f35e6d38f55095ee77be2ccbdcdfde0544f83ecaa15b274676158526fbc6cadd1b7dece9b23f0dea161cceb9cbb4fdfc650c714240
- SSDEEP
  
  24576:JUWe1lsIh7u57Mhl0Siz+h4dYEXvVzlFjG31di:JClztlpiz+adRvVR2D
Score

10^/10

discovery modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy