modiloader | cf21b3b3efe3cbd55364efb0265ce6f7fb69ac38545791d410e98fdacf998462 | Triage

Sharing

General

Target

Proforma Invoice is attached.zip
Size

326KB
Sample

230412-qfh3daea2s
MD5

7cdfa893a7698d03d561aa014af1a204
SHA1

7b1968fb24d755c15dbd909a3a1f933cb86938f7
SHA256

cf21b3b3efe3cbd55364efb0265ce6f7fb69ac38545791d410e98fdacf998462
SHA512

32f115f8e55f371523384043f120a3f46fbf8c82365704ecb49df7f1ebfdbfa385751eb81b4b61a6b8524e107c968ec3622de8257a2ca97853fd7cba850a5c74
SSDEEP

6144:SZgbpuHNZL+Jz2o95JxrPKunEqO62+Lp7jZ146tZ50DUTHwnzvSD96j6Y2fWPpCH:ugVcmJz/iunEqO62+Lpc6tTTug6G5W8

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Fmywfytcpwdmvi.exe
- Size
  
  707KB
- MD5
  
  3df32efa05c88263b4ab0001b5b86aca
- SHA1
  
  aa936331daad999b8561df9163f46c15be8272d4
- SHA256
  
  94aa407f90054e51d00b6c555ef7b566944290e990f3790bf18579afe0cf60b2
- SHA512
  
  6702cf703c845f411f34c742b8585ead12d76e7c01dfd075c77bd068a8585b438189b38331d1502d23cbab55aae1daa56afcffdd2242e5838dfd3291aa8cadd4
- SSDEEP
  
  12288:3lSLbFGyI6Lr4x6xsRzNgBlAU94uq43B2VrNoSv:VuL4xSsRzNgOuTx2VBv
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan