modiloader | 3f17b4278dea108ce15fdf6507d74cb36246f8898780d539de6a857666ec76fd | Triage

Submit
Reports

Overview

overview

Static

static

3

MV GOLDEN ...LS.exe

windows7-x64

3

MV GOLDEN ...LS.exe

windows10-2004-x64

Sharing

General

Target

20022025_0802_19022025_MV GOLDEN SCHULTE DETAILS.zip
Size

1.1MB
Sample

250220-jxeyqazncy
MD5

183bf9c80170a064340e6c5938f37016
SHA1

ab5c635615c88e19889755c391574648af4b2978
SHA256

3f17b4278dea108ce15fdf6507d74cb36246f8898780d539de6a857666ec76fd
SHA512

3292a46fc63c93ccb7e7f6006148a588b60ab71a5238e1cf9bb45270ff9565da5e1ec328e0f76e01aea3b5b8ce9e106b19687575c0740824ccee9b1ac2d3728a
SSDEEP

24576:TdQVnv3y8TnbU6Acx1yg2dTFyOWh+D/WdDKndxrmV:y48TRB1ygqyvh+jWdDqLy

Score

10^/10

modiloader snakekeylogger discovery keylogger persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

MV GOLDEN SCHULTE DETAILS.exe

Resource

win7-20241010-en

windows7-x64

1 signatures

300 seconds

Behavioral task

behavioral2

Sample

MV GOLDEN SCHULTE DETAILS.exe

Resource

win10v2004-20250217-en

modiloader snakekeylogger discovery keylogger persistence stealer trojan

windows10-2004-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot7932652060:AAGfWzT7VuDRopXDARov5b0y9nd_QzIJ2iU/sendMessage?chat_id=2135869667

Targets

- Target
  
  MV GOLDEN SCHULTE DETAILS.exe
- Size
  
  1.8MB
- MD5
  
  e39e0115fc9553bea60e763bc4ef884f
- SHA1
  
  af6bd387cbfedcadc73f4d224c8da9eaaff62798
- SHA256
  
  69c7dfcebba4b1eca66785ea2997f32acd1ea03d31e90d55a8d62258834fb49a
- SHA512
  
  a613af869bf3c094ba5150223467de04e3e5e28dce212a48f1ec6d17636cc94b78548ca6af0fcb01ebe4a5dfc1fc8092c10dd977f5310e82b488da479557ab33
- SSDEEP
  
  24576:Njc1TK7Gs05bZbtYXekG4+BiKr8ZfM6lNxr+DHlpIM6lNxr+DHlph:NlLOkG81MOqDDIMOqDDh
Score

10^/10

discovery modiloader snakekeylogger keylogger persistence stealer trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Snakekeylogger family
  snakekeylogger
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloadersnakekeyloggerdiscoverykeyloggerpersistencestealertrojan

© 2018-2025

Terms | Privacy