modiloader | 36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7 | Triage

Submit
Reports

Overview

overview

Static

static

3

36f19ccdfa...a7.exe

windows7-x64

36f19ccdfa...a7.exe

windows10-2004-x64

Sharing

General

Target

36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7.exe
Size

1.8MB
Sample

250303-cv1n3stvav
MD5

6f1ead21aa70a3e69cd5c69595fc7916
SHA1

5feacb3a236a1e2a981540aca03fc6ab16d2aa76
SHA256

36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7
SHA512

800dc490d482582859ce6a1be834c5a13b501489329eab592fcc67f128462aa8424c9f5f5ec351124b9df660a1e8044786ce6b488ee34fdd0bf37fe9f2d224d5
SSDEEP

24576:95tC5kWkHIVTl45p3aLpZsEFj8z2NJMW1O1EmSSTCSHkbe:9W7OQpZsEFBNsEmw

Score

10^/10

modiloader xworm discovery execution rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7.exe

Resource

win10v2004-20250217-en

modiloader xworm discovery execution rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

23.94.126.41:8888

Attributes

install_file
USB.exe

Targets

- Target
  
  36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7.exe
- Size
  
  1.8MB
- MD5
  
  6f1ead21aa70a3e69cd5c69595fc7916
- SHA1
  
  5feacb3a236a1e2a981540aca03fc6ab16d2aa76
- SHA256
  
  36f19ccdfa20772ebeb1c2a89e0edd174465f5ac697323b4ab05c2a46ec1a1a7
- SHA512
  
  800dc490d482582859ce6a1be834c5a13b501489329eab592fcc67f128462aa8424c9f5f5ec351124b9df660a1e8044786ce6b488ee34fdd0bf37fe9f2d224d5
- SSDEEP
  
  24576:95tC5kWkHIVTl45p3aLpZsEFj8z2NJMW1O1EmSSTCSHkbe:9W7OQpZsEFBNsEmw
Score

10^/10

modiloader discovery trojan xworm execution rat
- Detect Xworm Payload
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- ModiLoader Second Stage
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderxwormdiscoveryexecutionrattrojan

© 2018-2025

Terms | Privacy