modiloader | 5c9bb9046742d87cecc0707c790bbb880430b28abea4b2d34f93e25a431ba1cf | Triage

Resubmissions

23-11-2022 17:40

221123-v8zm2sbc62 10

23-11-2022 08:29

221123-kdqrjscc7v 10

Sharing

General

Target

Okihbllr.exe
Size

813KB
Sample

221123-v8zm2sbc62
MD5

075d9c52498f73266ac8e6b6dc93338f
SHA1

9e5de0203a144c2098def6c56521ac80bbac715e
SHA256

5c9bb9046742d87cecc0707c790bbb880430b28abea4b2d34f93e25a431ba1cf
SHA512

9bffb68e80dd59d7da8783dd92441daf914d9ead0f13376570668172b139ac18843b2be7a71617000ef32b95397e08bc9ffe796a3e38d5da708e94c674088207
SSDEEP

12288:vOrAkZrlpZxc3NKqgw9ONuRJooNN5dHVqTdTB2O4rwSMpxwhxPgV:vs3hp4c6/n5q5oOqLM2x4V

Score

10^/10

modiloader trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=1MBtsjmywyat6GFW-5YPgcumD-ReC9ToK

Targets

- Target
  
  Okihbllr.exe
- Size
  
  813KB
- MD5
  
  075d9c52498f73266ac8e6b6dc93338f
- SHA1
  
  9e5de0203a144c2098def6c56521ac80bbac715e
- SHA256
  
  5c9bb9046742d87cecc0707c790bbb880430b28abea4b2d34f93e25a431ba1cf
- SHA512
  
  9bffb68e80dd59d7da8783dd92441daf914d9ead0f13376570668172b139ac18843b2be7a71617000ef32b95397e08bc9ffe796a3e38d5da708e94c674088207
- SSDEEP
  
  12288:vOrAkZrlpZxc3NKqgw9ONuRJooNN5dHVqTdTB2O4rwSMpxwhxPgV:vs3hp4c6/n5q5oOqLM2x4V
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan