Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bazaar.abuse.ch/download/5774db473258bf744264a3a02e01931fa02ecd19a26f0f9329bfa5ac89d08512/

  • Sample

    250401-2red4szn17

Score
10/10
modiloaderdefense_evasiondiscoveryexecutiontrojan

Malware Config

Targets

    • Target

      https://bazaar.abuse.ch/download/5774db473258bf744264a3a02e01931fa02ecd19a26f0f9329bfa5ac89d08512/

    Score
    10/10
    modiloaderdefense_evasiondiscoveryexecutiontrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Modiloader family

      modiloader

    • ModiLoader Second Stage

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Evasion via Device Credential Deployment

      defense_evasionexecution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks