modiloader | e0f492b56cdde36c64daa34406e43e16113e7b7e43952895529dea6b65eacd6b

Sharing

Copy URL

Twitter E-mail

General

Target

3f66bd7050539f98a0373aec978cfc73
Size

15.7MB
Sample

240104-aj1tlafee3
MD5

3f66bd7050539f98a0373aec978cfc73
SHA1

ecc1a246b42303a22e535ab829e1311500ebbc14
SHA256

e0f492b56cdde36c64daa34406e43e16113e7b7e43952895529dea6b65eacd6b
SHA512

e5bc6ecad9feed52a13393c31e3953982d2bfe2eb68a3c51ff8b5b05aac0391e40ffb2fdb850fe7e225e01b357e42182d79ca0bc62a18495eac48b0ac5ef9ebb
SSDEEP

393216:uktNbtNH3Gs5j887Hhv5epWgmgEtJ+HpaAekDaWHXT:ukDbtNH35jt750lmwHptZDaWHj

Score

10^/10

Malware Config

Targets

- Target
  
  BuhtaClient.etl
- Size
  
  5.7MB
- MD5
  
  478fe388cc5749c07fc2f21dbabe25c0
- SHA1
  
  e0acd04d2f7f88b47bd82abb7819d1b273eaa4e7
- SHA256
  
  5983718f774db2d1e7842dfe24e7c29dceda82569719c9e74b4227e7ff5904ab
- SHA512
  
  fb3ef8591b036f42e4346ff39287867e972bbe88005529f3ffa112d2b972c7f0c48ad5179078514e700823711041b2e7f9c57960d55961d6dd1ee4d39fc8710c
- SSDEEP
  
  98304:noQSO6ZRVtW4tiyR/Mx2pkujlme8n1cOnJO:m
Score

1^/10
behavioral1 behavioral2
- Target
  
  BuhtaClient.exe
- Size
  
  12.9MB
- MD5
  
  c82005128e4de1cad09fbde5fdef3290
- SHA1
  
  f4cfb7e40efb4a2a74ef734cb7dc0b70d2348ab4
- SHA256
  
  612a2dcda3fcec5e2b4e0ca7c6f99952ef9274a482445c439261597884db5848
- SHA512
  
  622d8f81193d57c30ffa12b8f3d4ada6d52d6fe229d2b0a9b6fe79f52dd531ecc25334d2016204e943efe1060267aa323d446b88d783fd4e20b68fbc88af2d13
- SSDEEP
  
  196608:tenHQWQw5KP+4OQF51fa51F5zttrD2VmfXooAl2qSzTfv6YbKaqKpIPuS/HCQ:t+D5Kmk1CPz7rqvl2qS3X7ld
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
behavioral3 behavioral4
- Target
  
  BuhtaDev.chm
- Size
  
  396KB
- MD5
  
  2c1e5c9bd8e1a7f5a01d6840b715bcfd
- SHA1
  
  6261eb9affd394dfc01c8c645ef5fbd3c1b1c981
- SHA256
  
  2ac5beadb46df69331c214b01e7994415a15698605d04e8e2f87bea40c2d420d
- SHA512
  
  622192042802bdc90be8d5a96c126252be49ae3d1f51f7e40cd44d95de09110edff79934d50445297d79667d4b20d8da5c68b295f68fe0c50a25169634def0bb
- SSDEEP
  
  12288:nZVyrEJf+EwUEZ+voA3dCeOty3OuRHgLDpGpEGy6ULe:nurEd+X+v/tCtQ3OuRApGiGCC
Score

1^/10
behavioral5 behavioral6
- Target
  
  BuhtaPivot.xla
- Size
  
  59KB
- MD5
  
  8336b5a5ddf41cf813a1274a9543a34c
- SHA1
  
  533c18a7ce7db70dbc026b2f70031d44e6207c8d
- SHA256
  
  5596e8b493c644d62c9f6ab6f6a5d621ee2b348ef63d3270965b45021f308fe5
- SHA512
  
  e2f24c6c2d233b175053a41e382d3b1a29984c3bd28341bdaeadea977137717fb5df86ea27df57461cf6328155c00282ed569603c63940593fe4b33e196639f9
- SSDEEP
  
  768:To9kwJv744eN0WVkiPSx2o7piwJtNWVnBJIcXX3CWe5rMuh8tpd:8Owt744eN0WVJPSx2o7pi2ejAMuhc
Score

1^/10
behavioral7 behavioral8
- Target
  
  BuhtaServer.exe
- Size
  
  1.4MB
- MD5
  
  de55c646c8e87db58b124f8d76eb6e6b
- SHA1
  
  264365cce261e6fad450671c5ccb7955ebfc5ab4
- SHA256
  
  6975ceb7195e32eac63305e885373aec1af90430a25ccd5db43156b732a297b7
- SHA512
  
  a642df8144aa100dbef032ddf7a94f361a4875ad9a2223b993ad5c0b500cc72b3c7e20f1399bc751755e4f7191b5523c28da234a2ebe04f776fad72bbe45d7a1
- SSDEEP
  
  24576:TYlSIAplA/e2enRok1ezqvSwm+KqZjX/sHtaaF5eWEDaS8N:TmSIuUMR2C1PsHtaakF8
Score

1^/10
behavioral10 behavioral9
- Target
  
  PivotInstall.exe
- Size
  
  524KB
- MD5
  
  4954c61666de06dd164bd88f9bd56d23
- SHA1
  
  131a6fe6a8b30c4bc81845ec1423c4ba94775b7d
- SHA256
  
  0f3d184c3cc0eea67094be3c5a3106ed5562b174fccdda8c149fbea451649650
- SHA512
  
  d3b0858183893c77b5baddfda98d03a49975235301d4745e147af228d7be74e98c166ff28f7afdd1ccc89ccd1a6f9bb11563912a65f810981dd6f69dec4e1198
- SSDEEP
  
  12288:pB5UbRnGaVwlLiJuLtiHzb3r5fjep7Nv8I2/Fi:pByM+wNiJg8HXBm7NvZQY
Score

1^/10
behavioral11 behavioral12
- Target
  
  dsd.exe
- Size
  
  1.3MB
- MD5
  
  fd191953fd1eae16f7965ea88590b6ac
- SHA1
  
  2abc414d3e3e9033a8bedb53122236fc762d6809
- SHA256
  
  a17c20f67896a4f5dc8d3cecabee3a7683d5a733661c5e2dba709536b572984b
- SHA512
  
  c9b3dfd1f6a11e6bcb6e156d42105c3d01d3ab3bf9c51ebc6d044d8f60d83e0814d7ead8b0c690b8377114018c6ec894a4b8c40c84dc14bfc78b324c440627a6
- SSDEEP
  
  12288:/s+kHIGrKqDR/i6L6VxNm51ilbfbgzEGA3DfccoGRfPtJSy5i72C/PYBMLvOronT:EHIq69plbfbgzEGATfcwXx5iZMMzOK
Score

1^/10
behavioral13 behavioral14
- Target
  
  eapi.dll
- Size
  
  148KB
- MD5
  
  d7c65f338b7063e4337f25d1a511f723
- SHA1
  
  e1eb90f87e0a9bde3e70c0f87c2fc368dc8092e9
- SHA256
  
  7de13885441baa0cca8e81bbd5d2dd2a7ba411156b897dbe2820d94b7589da10
- SHA512
  
  a726112ab90e707acffe75cecb537b138a202657eb9167327a26d5db53d3a25609ff772896b2691fdfea2765417eafb1116e02b762c98cca4a08333a085067b6
- SSDEEP
  
  3072:NjYQztF8U/iSj2Z94vefRvEjWZh8UlIX:30E2Z94vewGh8F
Score

3^/10
behavioral15 behavioral16
- Target
  
  quricol32.dll
- Size
  
  218KB
- MD5
  
  19306dd58bbd42f9c4fba0072a6e810a
- SHA1
  
  e6c01ab512806319db1745e73fbd55f3ac9298b3
- SHA256
  
  90864d6b81ab5b6251e3739366f2cd8ffb9bccc7c08f9c39eb4b73db17f0401b
- SHA512
  
  01f9b18438737baaa523048f518385aabdef8417ea92e38f65c3c052036b70c9329e8f07ba47af5a32edd7948a1b81cc1173b9e60db00ba1c87e2ac5c86c4340
- SSDEEP
  
  3072:Syy0/QPixg1FYvqMH5XuCtM7ZRA0ke9S7egumTBfCUuAg0Fu/5b8+zd:W0/Qqxg1FYvqMHpuCtR0VpgDTBqUuAO
Score

3^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader First Stage

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18