modiloader | 77e7b338dd8f463b9dcdbec9a4d816437015e241b90cf73dac935ca601e73ab5 | Triage

Sharing

General

Target

6945e6a10f2bbcc922fbbffd4a649ae1
Size

182KB
Sample

231226-m4bfnabbd4
MD5

6945e6a10f2bbcc922fbbffd4a649ae1
SHA1

b02b81f02006c402e7f8791354bcde3b2aa5aeca
SHA256

77e7b338dd8f463b9dcdbec9a4d816437015e241b90cf73dac935ca601e73ab5
SHA512

4bafbf2b36eed1a6897d3af0b1ccc1425ef5d49dff36dd226df89b555b37f25304ed2c87ac03051b74e627cca4ff1750e03e02def3629790090045869440f95e
SSDEEP

3072:5Ur6ZPLQ8wmAgxzR0kc6R95Dek7iYPOYItT9FBrZhwiqSZfHYVghkE54FOo/m:5UroPcf+zRBcoDek7iYPOrtT9FBdhwi5

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  6945e6a10f2bbcc922fbbffd4a649ae1
- Size
  
  182KB
- MD5
  
  6945e6a10f2bbcc922fbbffd4a649ae1
- SHA1
  
  b02b81f02006c402e7f8791354bcde3b2aa5aeca
- SHA256
  
  77e7b338dd8f463b9dcdbec9a4d816437015e241b90cf73dac935ca601e73ab5
- SHA512
  
  4bafbf2b36eed1a6897d3af0b1ccc1425ef5d49dff36dd226df89b555b37f25304ed2c87ac03051b74e627cca4ff1750e03e02def3629790090045869440f95e
- SSDEEP
  
  3072:5Ur6ZPLQ8wmAgxzR0kc6R95Dek7iYPOYItT9FBrZhwiqSZfHYVghkE54FOo/m:5UroPcf+zRBcoDek7iYPOrtT9FBdhwi5
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2