modiloader | 782c744d60224b5741c4befb318403d69928f9c036c1a437ad4e91b8106be79f | Triage

Sharing

General

Target

Engine Parts List_pdf.rar
Size

849KB
Sample

230831-l4tfssee38
MD5

0460335bf4eea90328b77f2141711138
SHA1

8058dc7e2052693256bb7846e9a28b24b46f48d3
SHA256

782c744d60224b5741c4befb318403d69928f9c036c1a437ad4e91b8106be79f
SHA512

612a33fa63dafc38cd3ec7efd4e57e1f6a712fb5a079273830582792958d88794ab098bd114e885369fb851f7665145c7000706dd0b34623fb70a3208b2a09d5
SSDEEP

24576:G8uoXpZSyFtgRZYBjY6eAfSeK5E0ApOGJjTfLcwbJPv:go+yFtgRZYBjYYK5NAkGBEwbJPv

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Udcwixynfdafuo.exe
- Size
  
  1.4MB
- MD5
  
  939d9e4948d9c326714a149720ab26af
- SHA1
  
  22f4be2a716c70e3c66c6ed2bc8adc17df395b99
- SHA256
  
  d3f1d0c0e37e33ad600d209bd43d61a3e94b6bd2a5d87b63c53184d070ee1680
- SHA512
  
  871a1e70d7807bc218862fe2b4009130182c33554741f7d3ed05bc3c78d06db730301781f59d1e087a042fb4eecea17e6124b53da808b164255deb0559efd3f9
- SSDEEP
  
  24576:V+Q36wOVeW7QR0uN6ASBIbGBkYcjAYKUx7ADHxOx4yHR7eTKwxK5K2TKEDDNuhoV:V+Q6XfbrYdA7khFoacMz8o6
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan