modiloader | 2fe9bc1096b9cc12a5f2eb7db53fae2d396b870008b7283c35c87b84626ab509 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Vhlvkjghlfjsmz.exe
Size

693KB
Sample

230816-hfsb2sab5v
MD5

e6c56d3e3c9b0472ee6e890ba6ac29b5
SHA1

2861b57183cd7e597d38b2b909abc6868a925e51
SHA256

2fe9bc1096b9cc12a5f2eb7db53fae2d396b870008b7283c35c87b84626ab509
SHA512

ff1a3768f20d61f93946cdfb857984814b7b88f6647d67dcd4f9ec6c2c34a0c037cdc17adee282c5df68be4d9f03622d155dccce5cfdca559e9bcefef074baae
SSDEEP

12288:IHvcLtcc+LtcDzSPGSkK1mWqXt1H4UeP0wAz7J2qEO8m:IPoccPSwFz3H4UeP0j7oqEO

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Vhlvkjghlfjsmz.exe
- Size
  
  693KB
- MD5
  
  e6c56d3e3c9b0472ee6e890ba6ac29b5
- SHA1
  
  2861b57183cd7e597d38b2b909abc6868a925e51
- SHA256
  
  2fe9bc1096b9cc12a5f2eb7db53fae2d396b870008b7283c35c87b84626ab509
- SHA512
  
  ff1a3768f20d61f93946cdfb857984814b7b88f6647d67dcd4f9ec6c2c34a0c037cdc17adee282c5df68be4d9f03622d155dccce5cfdca559e9bcefef074baae
- SSDEEP
  
  12288:IHvcLtcc+LtcDzSPGSkK1mWqXt1H4UeP0wAz7J2qEO8m:IPoccPSwFz3H4UeP0j7oqEO
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan