modiloader | d20b3aebf25096efce7a59a3b2bf09465668731d39ca8f8145378e079ff700e8 | Triage

Sharing

General

Target

5be77c54c81dd92849a2552527882c85_JaffaCakes118
Size

371KB
Sample

240519-2vz5zsff61
MD5

5be77c54c81dd92849a2552527882c85
SHA1

efa17682e6b06358b9ff345ab1bc841e1b86d73b
SHA256

d20b3aebf25096efce7a59a3b2bf09465668731d39ca8f8145378e079ff700e8
SHA512

c0769c117b857a537e7520cb4402a4dd89f730aa14a060088abd85ed0c1678f4254b4dd4a5fb0008b3dcd9ccab31fe73d31010d3bc55f017e7541e95871328d3
SSDEEP

6144:KDKFyWBwhsrZiBhnkxEG/XPz4iBt3iPR3FDrobe8m6IF6ep3o6whZ5Vd5Up:KDUyWypzk7X7ZORVwC8m/F/3o6whZXr6

Score

10^/10

modiloader trojan

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/753549570230976536/755287116593758208/Dmoqggd

Targets

- Target
  
  Epsonscan 6000735873898737338898383889838993930993003039383.exe
- Size
  
  909KB
- MD5
  
  292674c1d2579fb41017413d7d204eba
- SHA1
  
  5605a97858985e892f32c479d1e9fe614edd3a8f
- SHA256
  
  74bfe12181435ac80211c35fb1aa7955965d252ea6db5d12576a21d2590f7596
- SHA512
  
  244cbb53b5f39cc497e0d7cae73c575a8c8e7a5f64b89ce5c7dc377c314a6e15e51af043c57b383feec031e3660c1c3450bdc4a34e6db9d9867f362fdce2437a
- SSDEEP
  
  24576:bK5hBlSW8pFD6iDIeT2p5c2bSO9vWVa1J:bK58W8fT2Px8g
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan