modiloader | 5632845f592e5f82107188fbf45819a2b3559e6bf8570ac0e94e9303ab5220cb | Triage

Sharing

General

Target

cceae54514e3228ca945ebb268b1c3a71f4a34faeccbbe3dd07524397c4f478f.zip
Size

331KB
Sample

230321-r1zfjabc75
MD5

17e0a96ebecfe974cd95f20fb34c6207
SHA1

18d27b94deb1b6332c19f00de4cec26d20e9b22d
SHA256

5632845f592e5f82107188fbf45819a2b3559e6bf8570ac0e94e9303ab5220cb
SHA512

a39a9e7515fb906efa37db9ccb99c8e4296ffa0c23df1b82d791535de5dee7210b9dcf576d44f7768b7ad8fc2bac3d58b92b7ed2cac06ced30c1291105b84fbe
SSDEEP

6144:fUytvgiHElaknmnfYlUfTO/Cd8yOgu1YoWxUR/Q1qT1ETkyR2HJvP0qsc1Y45:fJkla2mfjT0aq1nR/eC6xRG801/

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  cceae54514e3228ca945ebb268b1c3a71f4a34faeccbbe3dd07524397c4f478f.exe
- Size
  
  771KB
- MD5
  
  406d72b38cb0340752ff14290ec2e9e8
- SHA1
  
  809309bb3d86eb78cc7a2a21586bc0b379f5e838
- SHA256
  
  cceae54514e3228ca945ebb268b1c3a71f4a34faeccbbe3dd07524397c4f478f
- SHA512
  
  871767e3f39dda0a073c406cf712866158d709e8fd8b3535367466a4bda7d5993f9b7d815d83c75a26b72421298c31784fb00cb4ea85324e213ba11ec2207251
- SSDEEP
  
  12288:Pr5Nxzs78p/cJCzQkgtr80XGjObPkOOfIiteSmF0Z/:PFvzs7bJWbgtopibPkOOnm0
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan