modiloader | 5c9bb9046742d87cecc0707c790bbb880430b28abea4b2d34f93e25a431ba1cf | Triage

Resubmissions

23-11-2022 17:40

221123-v8zm2sbc62 10

23-11-2022 08:29

221123-kdqrjscc7v 10

Sharing

General

Target

Okihbllr.exe
Size

813KB
Sample

221123-v8zm2sbc62
MD5

075d9c52498f73266ac8e6b6dc93338f
SHA1

9e5de0203a144c2098def6c56521ac80bbac715e
SHA256

5c9bb9046742d87cecc0707c790bbb880430b28abea4b2d34f93e25a431ba1cf
SHA512

9bffb68e80dd59d7da8783dd92441daf914d9ead0f13376570668172b139ac18843b2be7a71617000ef32b95397e08bc9ffe796a3e38d5da708e94c674088207
SSDEEP

12288:vOrAkZrlpZxc3NKqgw9ONuRJooNN5dHVqTdTB2O4rwSMpxwhxPgV:vs3hp4c6/n5q5oOqLM2x4V

Score

10^/10

modiloader trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=1MBtsjmywyat6GFW-5YPgcumD-ReC9ToK

Targets

- Target
  
  Okihbllr.exe
- Size
  
  813KB
- MD5
  
  075d9c52498f73266ac8e6b6dc93338f
- SHA1
  
  9e5de0203a144c2098def6c56521ac80bbac715e
- SHA256
  
  5c9bb9046742d87cecc0707c790bbb880430b28abea4b2d34f93e25a431ba1cf
- SHA512
  
  9bffb68e80dd59d7da8783dd92441daf914d9ead0f13376570668172b139ac18843b2be7a71617000ef32b95397e08bc9ffe796a3e38d5da708e94c674088207
- SSDEEP
  
  12288:vOrAkZrlpZxc3NKqgw9ONuRJooNN5dHVqTdTB2O4rwSMpxwhxPgV:vs3hp4c6/n5q5oOqLM2x4V
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan