modiloader | 60e76eda46185d1d2e9463d15e31d4c87eb03535d368cc3471c55992bc99ad5f

Analysis

max time kernel
440s
max time network
547s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250313-uk
resource tags

arch:x64arch:x86image:win10ltsc2021-20250313-uklocale:uk-uaos:windows10-ltsc_2021-x64systemwindows
submitted
30/03/2025, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WinLocker_Builder_0.4.exe
Size

699KB
MD5

81dd862410af80c9d2717af912778332
SHA1

8f1df476f58441db5973ccfdc211c8680808ffe1
SHA256

60e76eda46185d1d2e9463d15e31d4c87eb03535d368cc3471c55992bc99ad5f
SHA512

8dd014b91fb1e2122d2e4da444db78dd551513c500d447bb1e94ceb7f2f8d45223a8a706e2156102f8c8850d2bb02ae6b8ea0c9282abd7baaa2c84130112af15
SSDEEP

12288:0L/xX5KVeOnuH/u1Wig295xsmVXf6AaQLmEc+pdmWSwIHUOS6Vp:0bxpUz13g27raQmEcomWSHHUD

Score

10^/10

modiloader discovery trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/4388-2-0x0000000000400000-0x0000000000545000-memory.dmp	modiloader_stage2

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinLocker_Builder_0.4.exe

C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe
"C:\Users\Admin\AppData\Local\Temp\WinLocker_Builder_0.4.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4388-0-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/4388-1-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/4388-2-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download