modiloader | 926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c | Triage

Sharing

General

Target

926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c
Size

1.0MB
Sample

220420-ewg98sahe5
MD5

accf119512ef395778488003900d8226
SHA1

ba0eff961e9e43ac35a837dd43fcbab2a554d04b
SHA256

926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c
SHA512

f9fca6f256884a2544fe1f580c6656296c424bf6947acf8c91235d33571e749f8857683917d2196728b9a5bff7817c39926368c26bdc2aaa40cdaab167bb7005

Score

10^/10

modiloader persistence trojan

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/734633826718056471/771632517647695902/Rebxeee

Targets

- Target
  
  926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c
- Size
  
  1.0MB
- MD5
  
  accf119512ef395778488003900d8226
- SHA1
  
  ba0eff961e9e43ac35a837dd43fcbab2a554d04b
- SHA256
  
  926a1d29e97f80aa65deb0186c1174d85db2236997e4eba91aac0592ff2c077c
- SHA512
  
  f9fca6f256884a2544fe1f580c6656296c424bf6947acf8c91235d33571e749f8857683917d2196728b9a5bff7817c39926368c26bdc2aaa40cdaab167bb7005
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan