modiloader | 2fd32685ea00eae9c4b1701a63807b27a8583a8cf266a19597105a8255d19fad | Triage

Sharing

General

Target

34ea55dbbf4bdc14fbd074f0b6885d27_JaffaCakes118
Size

1.6MB
Sample

240511-q8jvdadd85
MD5

34ea55dbbf4bdc14fbd074f0b6885d27
SHA1

f0b888b3585d6d58f2bdfcdc92b23dbfdac5aca6
SHA256

2fd32685ea00eae9c4b1701a63807b27a8583a8cf266a19597105a8255d19fad
SHA512

d4d9b8c2012280854f679354722766ff58b005fe40aa86f8bd5f08853535b27430b87c67c601bba0f25c9b41cb07a97f641650e019a18c7061ee547cfbe33c0c
SSDEEP

49152:h1fDlrwGM8BPRoeCZFqbe+pauvmDv6X+QWoDt:xrwGZPqeice+me+QWoDt

Score

10^/10

modiloader trojan

Malware Config

Targets

- Target
  
  ܿػ(Auto Power On)v3.2ƽ.exe
- Size
  
  1.8MB
- MD5
  
  34c106898919bff9359ce5cf99bf6ade
- SHA1
  
  bb986ebef961ece36fccb89345a7139c67794c05
- SHA256
  
  43eed68aa81badf0946ddb6cd710fae2bca84c691124e0e1c1609189e56c3978
- SHA512
  
  c96998e2cee6ebb3c011b7355e6382e9dfeec5e7a773f49cdad39b8abae3610203c802cd81f80a08ad517494f4a4cbefe415ed229530206ce6672e622e7d0647
- SSDEEP
  
  49152:saKc0f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FW:AitGrwSegS4et0MYW4FW
Score

3^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/autopoweron.exe
- Size
  
  1.6MB
- MD5
  
  fc7a668a581fc7a511f54dbea3a2ab0a
- SHA1
  
  b5d783f2ef60a53b1168efcd42bb9bf4c4551fc5
- SHA256
  
  da4419f3cd770012d0a6be1f7f7330611dad237f156f446887cd6f11827769f9
- SHA512
  
  61c6384239324d06c89612eb364aef44b700f346f95eef8d6a07ef43a1ac39b60a73c842aaf5564a5a14480e3be3fc9d3c6ddb76c1dee4d3e5cf02c0f0491244
- SSDEEP
  
  49152:60f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FG:gtGrwSegS4et0MYW4FG
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral5 behavioral6
- Target
  
  AutoPower.exe
- Size
  
  526KB
- MD5
  
  0ad902046991b2a1f566247c9276c665
- SHA1
  
  5c1e2be6f2ba40ec8dd935b851a4e74a8995b914
- SHA256
  
  ae5fdb6c9dece79b53d2140015d49c2063dce3f91194780c5af46ac5bd32ebb7
- SHA512
  
  e05d1bbaf2533cd77e5cba96df3bb54b4dee716a94ce4be2ce9f744a8139248058ea4303de3fa2e7a4d049a35087766d8f524e1f5f62818bda17bb82ce77df7f
- SSDEEP
  
  12288:Kc2PpRw2RpYfoxr/a7/PbmqPXNwrTFAp4oUHIXt:SxRDYfoxDIBVwrTO5
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
behavioral7 behavioral8
- Target
  
  Help.chm
- Size
  
  155KB
- MD5
  
  10ab0709e3b1d21ef30601a14e14e558
- SHA1
  
  2556e70d17929d41c27e62b7a99b4adbcd7338a2
- SHA256
  
  a60d359f8b59fa335e6186c89e28b0b90961a2a83a3b45e48a4c89e616c98642
- SHA512
  
  0f35ac2962017892215b30c1014b1005c2a2ff5cbb4c4f1375f95be824e92775cf0ef3144ff5e3767dbe1adb9ff3630b81c784ffa700af1ce705c9ed3bc75a6f
- SSDEEP
  
  3072:BrJ9Iq3bGDs4ES3F3oe6TVNRhEMT4HkT0wvMyX0DnazQ67T4Vr9ZKmq7:BrJ91LGD7ESV39Q/bTKwvhCKQ6arHM
Score

1^/10
behavioral10 behavioral9
- Target
  
  RunDLL.dll
- Size
  
  90KB
- MD5
  
  3f1f6f320c3df5a4494924e9705028ed
- SHA1
  
  3b1474939fc2cc4c5396cfb0608fcba364b33f27
- SHA256
  
  db030ca1c54781fb0029dbe433bbc9de566350acc633ad3445ae81b56c0f2e8c
- SHA512
  
  1b066461a7329dfd54c78cb5c0538b065770abe64917d38f64177710b2bb2320c815f2115d26dfe5f7632cb6ac29da9687f774371e3c2fce04a2bb124d012726
- SSDEEP
  
  1536:+GEbOAarrqRAsNdkaHk13rMTHUEBDS8U+CSdr8AB55kDTNGcGHqxNC3Xty:QbOAamAgterMZe8Zr8ABDEoqxNC3k
Score

3^/10
behavioral11 behavioral12
- Target
  
  SASHOOK.dll
- Size
  
  65KB
- MD5
  
  c278352103ee28bfbabd18254d15a430
- SHA1
  
  9db1e8176f02b9c83ba4a7ec69efad35b4d0e37b
- SHA256
  
  79b40a60711f5687d20afe695074a535397ed87ca42df2e47ea545f2c0ebc3bf
- SHA512
  
  df59ff1b1023edd4d4a40a83a80a5706de74c28f4b04b47a122f1d1335b57e81d0cabe4160246a5b3f5aa38788e248bd9c045c85e0c4477c5078cc3ff3142e4e
- SSDEEP
  
  1536:C465M/t+I4qiROQF2huU4VN1y891bXhOrs5SQAGkGzWoc:C4LwvROQF2Y/g8pOriSQ
Score

3^/10
behavioral13 behavioral14
- Target
  
  autoss.exe
- Size
  
  2.1MB
- MD5
  
  da4e0703a34085c2fa77d86492273381
- SHA1
  
  6905a25afa412c21528fa601c121c957d0436248
- SHA256
  
  41064f46efbd85824697f4675ff6d70e9b47107891fcc5a966361deb370a70cf
- SHA512
  
  98d339c8e915f8d967641eafc22ee14216a9d5dd61e660d0aba557af622667b52eeacb9d54a043b04bae6079937986d4b7ad219077ceea348de328b6520d6327
- SSDEEP
  
  24576:IbYUSrlwjSVB9y81hXlEM2Iu9VYRj/1rRiVzC2:Is3zy4u9WD1twzC
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
behavioral15 behavioral16
- Target
  
  disktop.exe
- Size
  
  498KB
- MD5
  
  6bf4a69d3f938496f36dc3fa2f7dda0b
- SHA1
  
  eedc94f5a8df9a4aa5eb58b3fc835448e2825ea5
- SHA256
  
  1f73df400d14b85e556a20d94b1e2ae85ce860dabe190c6bdb644c4c354684ad
- SHA512
  
  a9e3674a03a2b7c61353281a6c419901f9a9cb7210bf38b05729e2a7b21778b251502bb87f09d39ee89d2f6dd1b2fef8dacc0ab0ecc2345398eb2fb877de311f
- SSDEEP
  
  6144:sjrnm1kUXj+SkzpzRCv5HcPIloaxsEdAJqAHVgiTeYuH70KNXfreXH1wOA1yMGIS:srnjUXj+SkxWSEyXC3Yub1qXHrA1hKl
Score

1^/10
behavioral17 behavioral18
- Target
  
  uninst.exe
- Size
  
  88KB
- MD5
  
  bbc83c95d7a2a93b0f3a24e471f9bfde
- SHA1
  
  dff793da5932c33e39b031441149333a9fdb3577
- SHA256
  
  46380642a474308abd141b21e4b42b05725da9a6a7be8e33dd5e232f8c7bca32
- SHA512
  
  4b2fac36e5bf79694bba6f484f0b87a2fd697151845169fcd19b12c88c7fe834470df21c607e5e2e8ce1add3f69b782ea495e68802ff9da11ea37f0a38beeec5
- SSDEEP
  
  1536:FpgpHzb9dZVX9fHMvG0D3XJHgfn5GdujLoHWAEYnt3zM1m:3gXdZt9P6D3XJHCnAEo2APV
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

modiloadertrojan

behavioral8

modiloadertrojan

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

modiloadertrojan

behavioral16

modiloadertrojan

behavioral17

behavioral18

behavioral19

behavioral20