modiloader | 42ddf5ff1e4557fd0b9cd444f68d905797983623a63d7bf57509e8bc61839ef9 | Triage

Submit
Reports

Overview

overview

Static

static

DBatLoader-0xb.exe

windows10-2004-x64

Sharing

General

Target

DBatLoader-0xb.zip
Size

201KB
Sample

250404-bwkhtaxwgw
MD5

72ad75457447abed37a77bd64eeb05fe
SHA1

5f7a6ea7cae64486422a001116ed24ad656e9d98
SHA256

42ddf5ff1e4557fd0b9cd444f68d905797983623a63d7bf57509e8bc61839ef9
SHA512

436e2a6ea13224195327d7dc6969044bc546ce61d0f126a32d548d6bf4e5371c329886e1e305c5c084f9a67a9a0d4f66e75e2b6dd115ab9d4ca51a3b5b21d1a4
SSDEEP

3072:Pf9N+X6sn8GMCPwkmS1dwpQ79l6KMPCQxe/D/eOLc2uD9SAcIAH6AcqPgOn3JjKF:Pf9s8GpwkBcG9lj1r/ea8BZ5AH5ciji

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

DBatLoader-0xb.exe

Resource

win10v2004-20250313-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  DBatLoader-0xb.exe
- Size
  
  397KB
- MD5
  
  2d46646ee742bb8977e2e6f180015674
- SHA1
  
  d904f3c89370c5f2a7b90a7cf2f548c2938f6f2f
- SHA256
  
  b563bb3d1fd04257c5bcfc73f3e030c61ddb7fea1aca5189355eb230b4312164
- SHA512
  
  4473a3a38a99d12874fcbe1516601eb7d49df8699fc7e093419f21ec553babd7d3fa958ef4843f53b7d51a35fa6e9bf75e5d0f3040aadbacfe116fb95cefe76a
- SSDEEP
  
  6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXDCi:Y+u9nx2GjMY3XKfd/H/9Pui
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy