modiloader | d3a2630fb6da753b9c726dcb8bbf1b242d257cad6331b35dff6f62bdb532c348 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ac5c988720abc8de4f0205e4ee141ab
Size

27KB
Sample

231230-q96qjafgg6
MD5

1ac5c988720abc8de4f0205e4ee141ab
SHA1

6db5b7c128e345fb38ad064b335c81081d242143
SHA256

d3a2630fb6da753b9c726dcb8bbf1b242d257cad6331b35dff6f62bdb532c348
SHA512

b3977d246b1bc37182668f72d1b7759339f5ea3e5263a0e3a98151efdb9304f24d9ea7b0ec941bfadc95141a47a8558fc3d3f33ea34ca77dfaf08a2c909fbfff
SSDEEP

384:o8sdcxGOuS3mtjmzuhNuQ0dZOKa7EAfH5+3KJIYfIpljPWfcfbfY6Lt3uMNsLeWS:LsdkhauhagGH83kreW2ZvIq

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  1ac5c988720abc8de4f0205e4ee141ab
- Size
  
  27KB
- MD5
  
  1ac5c988720abc8de4f0205e4ee141ab
- SHA1
  
  6db5b7c128e345fb38ad064b335c81081d242143
- SHA256
  
  d3a2630fb6da753b9c726dcb8bbf1b242d257cad6331b35dff6f62bdb532c348
- SHA512
  
  b3977d246b1bc37182668f72d1b7759339f5ea3e5263a0e3a98151efdb9304f24d9ea7b0ec941bfadc95141a47a8558fc3d3f33ea34ca77dfaf08a2c909fbfff
- SSDEEP
  
  384:o8sdcxGOuS3mtjmzuhNuQ0dZOKa7EAfH5+3KJIYfIpljPWfcfbfY6Lt3uMNsLeWS:LsdkhauhagGH83kreW2ZvIq
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan