modiloader | f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14 | Triage

Sharing

General

Target

Document.exe
Size

753KB
Sample

210503-5lb3r6vzbj
MD5

abb973cc735baa96deac84f5653fd89a
SHA1

59c52bab6062e461866be8b918a376e4362571e1
SHA256

f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14
SHA512

b44074cc3a0b114e3580c2222c29782d42c814ab365731a97c3f76bbc62206a6cd59a12f86d16aeeb8004c84d5ad871bf2b058d291dfb66cf2fd138e0159b59b

Score

10^/10

modiloader netwire botnet persistence stealer trojan

Malware Config

Targets

- Target
  
  Document.exe
- Size
  
  753KB
- MD5
  
  abb973cc735baa96deac84f5653fd89a
- SHA1
  
  59c52bab6062e461866be8b918a376e4362571e1
- SHA256
  
  f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14
- SHA512
  
  b44074cc3a0b114e3580c2222c29782d42c814ab365731a97c3f76bbc62206a6cd59a12f86d16aeeb8004c84d5ad871bf2b058d291dfb66cf2fd138e0159b59b
Score

10^/10

modiloader persistence trojan netwire botnet stealer
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

netwirebotnetpersistencestealer