modiloader | d164c7ce3856705552a7dcd91f577c12162d5eb522153e33e91f86536cac5fb2 | Triage

Sharing

General

Target

Fpopgapwdcgvxn.exe
Size

2.3MB
Sample

231130-q74s6ace94
MD5

072d323c28e7ba4d63eb7df9894f33c9
SHA1

cf6a2b1ba98bf303e93b4070919ec1cd30262377
SHA256

d164c7ce3856705552a7dcd91f577c12162d5eb522153e33e91f86536cac5fb2
SHA512

348e888f90e8582be54acc4c39d9531ec333a3f9deb5c7cc1c4d6dbf2cc094cbb744438d87d6d3a2357d2e2be7141412744287249b465eb39217a3f0cffb0a23
SSDEEP

49152:UkQzWGa8pH8yc0/wU2lpe63ZrxKrVEbRIqiPt415Fehg1mQ5C:UNqGa8pcyV/wjpdZrxEVEtI14xqn

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Fpopgapwdcgvxn.exe
- Size
  
  2.3MB
- MD5
  
  072d323c28e7ba4d63eb7df9894f33c9
- SHA1
  
  cf6a2b1ba98bf303e93b4070919ec1cd30262377
- SHA256
  
  d164c7ce3856705552a7dcd91f577c12162d5eb522153e33e91f86536cac5fb2
- SHA512
  
  348e888f90e8582be54acc4c39d9531ec333a3f9deb5c7cc1c4d6dbf2cc094cbb744438d87d6d3a2357d2e2be7141412744287249b465eb39217a3f0cffb0a23
- SSDEEP
  
  49152:UkQzWGa8pH8yc0/wU2lpe63ZrxKrVEbRIqiPt415Fehg1mQ5C:UNqGa8pcyV/wjpdZrxEVEtI14xqn
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan