modiloader | e723ee615d7a64e918ab185b645324a0cb1b376302d33b54995b54da39be51f3

Sharing

Copy URL

Twitter E-mail

General

Target

5b518a9f9d968ff562d860db70623b78_JaffaCakes118
Size

1.5MB
Sample

240519-zatflagd88
MD5

5b518a9f9d968ff562d860db70623b78
SHA1

7a378598a9f3630569f19d5895fafc941aadfedb
SHA256

e723ee615d7a64e918ab185b645324a0cb1b376302d33b54995b54da39be51f3
SHA512

4edc32123b72b7ea6f79fdd98694d68732cfcac7475350aa31ac9f6f051a08e0d283ac5878477498f5dedae5759c56f0727375d70a5430a625f11f0d23af2cb7
SSDEEP

49152:iPhv1CoBZphZwKNvHjdJB6nMhRrkZ54IC:ip9BwKhUnirkZjC

Score

10^/10

modiloader trojan

Malware Config

Targets

- Target
  
  AutoPowerOn_windown8/AutoPowerOn/autopoweron.exe
- Size
  
  1.8MB
- MD5
  
  34c106898919bff9359ce5cf99bf6ade
- SHA1
  
  bb986ebef961ece36fccb89345a7139c67794c05
- SHA256
  
  43eed68aa81badf0946ddb6cd710fae2bca84c691124e0e1c1609189e56c3978
- SHA512
  
  c96998e2cee6ebb3c011b7355e6382e9dfeec5e7a773f49cdad39b8abae3610203c802cd81f80a08ad517494f4a4cbefe415ed229530206ce6672e622e7d0647
- SSDEEP
  
  49152:saKc0f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FW:AitGrwSegS4et0MYW4FW
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/autopoweron.exe
- Size
  
  1.6MB
- MD5
  
  fc7a668a581fc7a511f54dbea3a2ab0a
- SHA1
  
  b5d783f2ef60a53b1168efcd42bb9bf4c4551fc5
- SHA256
  
  da4419f3cd770012d0a6be1f7f7330611dad237f156f446887cd6f11827769f9
- SHA512
  
  61c6384239324d06c89612eb364aef44b700f346f95eef8d6a07ef43a1ac39b60a73c842aaf5564a5a14480e3be3fc9d3c6ddb76c1dee4d3e5cf02c0f0491244
- SSDEEP
  
  49152:60f6wkRh2DvrwSNMzsl+1FqTe/yUpcNafcMYW4FG:gtGrwSegS4et0MYW4FG
Score

7^/10
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10
behavioral5 behavioral6
- Target
  
  AutoPower.exe
- Size
  
  526KB
- MD5
  
  0ad902046991b2a1f566247c9276c665
- SHA1
  
  5c1e2be6f2ba40ec8dd935b851a4e74a8995b914
- SHA256
  
  ae5fdb6c9dece79b53d2140015d49c2063dce3f91194780c5af46ac5bd32ebb7
- SHA512
  
  e05d1bbaf2533cd77e5cba96df3bb54b4dee716a94ce4be2ce9f744a8139248058ea4303de3fa2e7a4d049a35087766d8f524e1f5f62818bda17bb82ce77df7f
- SSDEEP
  
  12288:Kc2PpRw2RpYfoxr/a7/PbmqPXNwrTFAp4oUHIXt:SxRDYfoxDIBVwrTO5
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
behavioral7 behavioral8
- Target
  
  Help.chm
- Size
  
  155KB
- MD5
  
  10ab0709e3b1d21ef30601a14e14e558
- SHA1
  
  2556e70d17929d41c27e62b7a99b4adbcd7338a2
- SHA256
  
  a60d359f8b59fa335e6186c89e28b0b90961a2a83a3b45e48a4c89e616c98642
- SHA512
  
  0f35ac2962017892215b30c1014b1005c2a2ff5cbb4c4f1375f95be824e92775cf0ef3144ff5e3767dbe1adb9ff3630b81c784ffa700af1ce705c9ed3bc75a6f
- SSDEEP
  
  3072:BrJ9Iq3bGDs4ES3F3oe6TVNRhEMT4HkT0wvMyX0DnazQ67T4Vr9ZKmq7:BrJ91LGD7ESV39Q/bTKwvhCKQ6arHM
Score

1^/10
behavioral10 behavioral9
- Target
  
  RunDLL.dll
- Size
  
  90KB
- MD5
  
  3f1f6f320c3df5a4494924e9705028ed
- SHA1
  
  3b1474939fc2cc4c5396cfb0608fcba364b33f27
- SHA256
  
  db030ca1c54781fb0029dbe433bbc9de566350acc633ad3445ae81b56c0f2e8c
- SHA512
  
  1b066461a7329dfd54c78cb5c0538b065770abe64917d38f64177710b2bb2320c815f2115d26dfe5f7632cb6ac29da9687f774371e3c2fce04a2bb124d012726
- SSDEEP
  
  1536:+GEbOAarrqRAsNdkaHk13rMTHUEBDS8U+CSdr8AB55kDTNGcGHqxNC3Xty:QbOAamAgterMZe8Zr8ABDEoqxNC3k
Score

3^/10
behavioral11 behavioral12
- Target
  
  SASHOOK.dll
- Size
  
  65KB
- MD5
  
  c278352103ee28bfbabd18254d15a430
- SHA1
  
  9db1e8176f02b9c83ba4a7ec69efad35b4d0e37b
- SHA256
  
  79b40a60711f5687d20afe695074a535397ed87ca42df2e47ea545f2c0ebc3bf
- SHA512
  
  df59ff1b1023edd4d4a40a83a80a5706de74c28f4b04b47a122f1d1335b57e81d0cabe4160246a5b3f5aa38788e248bd9c045c85e0c4477c5078cc3ff3142e4e
- SSDEEP
  
  1536:C465M/t+I4qiROQF2huU4VN1y891bXhOrs5SQAGkGzWoc:C4LwvROQF2Y/g8pOriSQ
Score

3^/10
behavioral13 behavioral14
- Target
  
  autoss.exe
- Size
  
  2.1MB
- MD5
  
  da4e0703a34085c2fa77d86492273381
- SHA1
  
  6905a25afa412c21528fa601c121c957d0436248
- SHA256
  
  41064f46efbd85824697f4675ff6d70e9b47107891fcc5a966361deb370a70cf
- SHA512
  
  98d339c8e915f8d967641eafc22ee14216a9d5dd61e660d0aba557af622667b52eeacb9d54a043b04bae6079937986d4b7ad219077ceea348de328b6520d6327
- SSDEEP
  
  24576:IbYUSrlwjSVB9y81hXlEM2Iu9VYRj/1rRiVzC2:Is3zy4u9WD1twzC
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
behavioral15 behavioral16
- Target
  
  disktop.exe
- Size
  
  498KB
- MD5
  
  6bf4a69d3f938496f36dc3fa2f7dda0b
- SHA1
  
  eedc94f5a8df9a4aa5eb58b3fc835448e2825ea5
- SHA256
  
  1f73df400d14b85e556a20d94b1e2ae85ce860dabe190c6bdb644c4c354684ad
- SHA512
  
  a9e3674a03a2b7c61353281a6c419901f9a9cb7210bf38b05729e2a7b21778b251502bb87f09d39ee89d2f6dd1b2fef8dacc0ab0ecc2345398eb2fb877de311f
- SSDEEP
  
  6144:sjrnm1kUXj+SkzpzRCv5HcPIloaxsEdAJqAHVgiTeYuH70KNXfreXH1wOA1yMGIS:srnjUXj+SkxWSEyXC3Yub1qXHrA1hKl
Score

1^/10
behavioral17 behavioral18
- Target
  
  uninst.exe
- Size
  
  88KB
- MD5
  
  bbc83c95d7a2a93b0f3a24e471f9bfde
- SHA1
  
  dff793da5932c33e39b031441149333a9fdb3577
- SHA256
  
  46380642a474308abd141b21e4b42b05725da9a6a7be8e33dd5e232f8c7bca32
- SHA512
  
  4b2fac36e5bf79694bba6f484f0b87a2fd697151845169fcd19b12c88c7fe834470df21c607e5e2e8ce1add3f69b782ea495e68802ff9da11ea37f0a38beeec5
- SSDEEP
  
  1536:FpgpHzb9dZVX9fHMvG0D3XJHgfn5GdujLoHWAEYnt3zM1m:3gXdZt9P6D3XJHCnAEo2APV
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  AutoPowerOn_windown8/下载说明.htm
- Size
  
  3KB
- MD5
  
  9bd1ac9ead8eda95e8284f12ddba89e2
- SHA1
  
  44ad2b426711da0bc122d500b9117808385bd406
- SHA256
  
  54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8
- SHA512
  
  e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850
Score

1^/10
behavioral21 behavioral22
- Target
  
  AutoPowerOn_windown8/使用帮助(河东软件园).url
- Size
  
  216B
- MD5
  
  6a29fdd9a578559f631bd0c0919539f2
- SHA1
  
  7ba1e243d907b6893f798dbd6169ee057e4845e9
- SHA256
  
  6592450b9c9233d6d1a751020b3514bd20512d1224983c774e633ab2dee7b2c9
- SHA512
  
  6eee5fe42d1105523e0555ba90f6a98237293983238a80342a62bb7dc1cb1a5b00081a447ae3a0d36f67ace197f288315f816f6da9ea27457753efb625793cc1
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Loads dropped DLL

ModiLoader, DBatLoader

ModiLoader Second Stage

ModiLoader, DBatLoader

ModiLoader Second Stage

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24