modiloader | f0a918e68c0c93adc3fba08886ad00b055e61d6f8edf7e99ff5b7cce606cfe48 | Triage

Sharing

General

Target

NEAS.f0a918e68c0c93adc3fba08886ad00b055e61d6f8edf7e99ff5b7cce606cfe48.zip
Size

1.3MB
Sample

231202-mgwhbacb23
MD5

bd99e365b8518059784fd6a2bce04e0d
SHA1

fc5801d2e6c56bb5086700ddcc894cc4bdef9d89
SHA256

f0a918e68c0c93adc3fba08886ad00b055e61d6f8edf7e99ff5b7cce606cfe48
SHA512

d2ad980e249d6f700ebcbcd3ba845f55171dfd50fc2fd98b21bbca618593d474c658e7466a54b9e2bf2d4ff5aadc27671b5167af7eb3d273220134fb543c1bf8
SSDEEP

24576:mO3ZNcwXmGV6MN137kslU8z97tFTFDWljJN8IouWm/0O7Rqykkqld0VAq5xeJ:mOJNcwWA6Mv7ksxJ7TTFajnRbLRq8MKi

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Ref 01-550-1907 m.exe
- Size
  
  1.9MB
- MD5
  
  f38e9e0c4766c0333bea51d01bbc0953
- SHA1
  
  41355f4c618b0681205251919b2f70534a77bb5b
- SHA256
  
  4ca412a3a073c7d656b03710912f8f6386e3613bc76af5ebb20986ff9a94e9f9
- SHA512
  
  822e7da1b0fd4aac2e2fd9281a2c802f8d607fe45535a03d9f329d35f3836d461b7d8e548ec951502b4401cd56ef6227febd087ed30f8b14fcf3c3bc35be7e9b
- SSDEEP
  
  49152:Ad8fIwCjykkGo5ITnLK+Ey9S1qXtfRGHKpk3H8eiTwHFimH9jIrMKSIa+GGXHIft:AdoIwkkrITnG69S1qXtfRGHKpk3H8ei4
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan