modiloader | 0fda16a373440fc97605138e9d55cc140f75d85fcd3d420ea8df9b87172d51e6 | Triage

Sharing

General

Target

Ubevijukroxyde.exe
Size

2.2MB
Sample

231127-1bj4zsdb4y
MD5

06d1edbba5f83a0f13ca656672556f65
SHA1

488b0ea60f9bf48a422812d7fa509c3f604766f7
SHA256

0fda16a373440fc97605138e9d55cc140f75d85fcd3d420ea8df9b87172d51e6
SHA512

7c8cc3836aef04ced7fccae6ba1665f923b5c2e680b4b337a6b5ec523702c75972064d3ba6007de97cd2f60b1fa36d70b478c1ad15e9e52eb9097403a4babf0c
SSDEEP

49152:JWPpH8yc0/wU2lpe63ZrxKrVEbRIqiPt41JFehg1mQmPoE:JCpcyV/wjpdZrxEVEtI145qnLPoE

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Ubevijukroxyde.exe
- Size
  
  2.2MB
- MD5
  
  06d1edbba5f83a0f13ca656672556f65
- SHA1
  
  488b0ea60f9bf48a422812d7fa509c3f604766f7
- SHA256
  
  0fda16a373440fc97605138e9d55cc140f75d85fcd3d420ea8df9b87172d51e6
- SHA512
  
  7c8cc3836aef04ced7fccae6ba1665f923b5c2e680b4b337a6b5ec523702c75972064d3ba6007de97cd2f60b1fa36d70b478c1ad15e9e52eb9097403a4babf0c
- SSDEEP
  
  49152:JWPpH8yc0/wU2lpe63ZrxKrVEbRIqiPt41JFehg1mQmPoE:JCpcyV/wjpdZrxEVEtI145qnLPoE
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan