modiloader | ca3c5a5f9b5cbd6949f6e841036b0f19713099ad9b5af6029ae8c122dde694f2 | Triage

Sharing

General

Target

Sedqwpedatktik.zip
Size

1.3MB
Sample

231128-zf4thsce92
MD5

20d9096e0a98b569c30573c5b91fb67c
SHA1

7a002ea7e5bfae0254dc52dad3d489ef94ac3d5e
SHA256

ca3c5a5f9b5cbd6949f6e841036b0f19713099ad9b5af6029ae8c122dde694f2
SHA512

809c14ca7022df7e82de85c06941723f7c9aae5af7e0c49736a1961891e79839f0cb752877890321c3d22df0d16859d107055420cc8ae5686f5ab73032095569
SSDEEP

24576:3kwyKDjCcwRaTSf55bodSAUef2bwOIua5CGTzb/kUzMbZQ/PIiUVGd:3kwyKDmRaGfMdBkza/Xb/kmMxiFd

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Sedqwpedatktik.exe
- Size
  
  1.9MB
- MD5
  
  56393d980692e825faf5ee4868323886
- SHA1
  
  51dd80cfdecc2402b97e639fbb39e085bccd8a22
- SHA256
  
  4458765d6aa90cd65cf3a780f1c3be852ff4ba2132a2e1ac0a99d36f70bac994
- SHA512
  
  8f2cc0d0efbbca2c0f9ae96283637e901e878ea6fbd3c1ed08525cf690b31e7e53341800ebc9b89c2de1ffc15e3e76f2f5bd3bdf649bc4d3a7fa509107d3bf2a
- SSDEEP
  
  49152:Jnq5X8IxTqh0eJa3DZEe9sRuCVCW4sMyqChsZt9Trz:Jq5XX8Za31CuCcwMXC+P5z
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderpersistencetrojan