modiloader | 3001a95697100a5d4a30d84a69ea5be56d6bc0fa7ba4ed3b28dd774bb9d64c37 | Triage

Sharing

General

Target

Bntwfkvhnfruab.exe
Size

2.3MB
Sample

231203-ty8yasch72
MD5

0304c6495154e07d427b37946eb5fc13
SHA1

5a216a1b1f4d93a33f1a9e720f3811e32b37b39b
SHA256

3001a95697100a5d4a30d84a69ea5be56d6bc0fa7ba4ed3b28dd774bb9d64c37
SHA512

9307a03781e9a5a177673cd5d4b01a24bf36a39a3100c070b46511d5000b606b6f25762a1e44f25699f62054ef986949889428711bb53cbeba9bf0bbab44e935
SSDEEP

49152:UkQzWGa8pH8yc0/wU2lpe63ZrxKrVEbRIqiPt41wFehg1mQ5C:UNqGa8pcyV/wjpdZrxEVEtI14Gqn

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  Bntwfkvhnfruab.exe
- Size
  
  2.3MB
- MD5
  
  0304c6495154e07d427b37946eb5fc13
- SHA1
  
  5a216a1b1f4d93a33f1a9e720f3811e32b37b39b
- SHA256
  
  3001a95697100a5d4a30d84a69ea5be56d6bc0fa7ba4ed3b28dd774bb9d64c37
- SHA512
  
  9307a03781e9a5a177673cd5d4b01a24bf36a39a3100c070b46511d5000b606b6f25762a1e44f25699f62054ef986949889428711bb53cbeba9bf0bbab44e935
- SSDEEP
  
  49152:UkQzWGa8pH8yc0/wU2lpe63ZrxKrVEbRIqiPt41wFehg1mQ5C:UNqGa8pcyV/wjpdZrxEVEtI14Gqn
Score

10^/10

modiloader trojan persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderpersistencetrojan