modiloader | 0768d3f5de2abcf20f04206da647cd67832451aeb139d59308d960bbde74f0e5 | Triage

Sharing

General

Target

8a0ebafe5a1dbe44336099a0980e28dd_JaffaCakes118
Size

397KB
Sample

240601-lkajksgg9s
MD5

8a0ebafe5a1dbe44336099a0980e28dd
SHA1

a72c35986c7edd0dc09c6c949c66785b2f42588f
SHA256

0768d3f5de2abcf20f04206da647cd67832451aeb139d59308d960bbde74f0e5
SHA512

93d0b8d91e17e4f4f61a87f2257dc5d9c0be626651a64289a24abf6b36de7b97e96755fe65f3c985a7fbbd6cbfaf23552aadeca25841d8cd177e9373847db06b
SSDEEP

6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXmd7:Y+u9nx2GjMY3XKfd/H/9Pu7

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  8a0ebafe5a1dbe44336099a0980e28dd_JaffaCakes118
- Size
  
  397KB
- MD5
  
  8a0ebafe5a1dbe44336099a0980e28dd
- SHA1
  
  a72c35986c7edd0dc09c6c949c66785b2f42588f
- SHA256
  
  0768d3f5de2abcf20f04206da647cd67832451aeb139d59308d960bbde74f0e5
- SHA512
  
  93d0b8d91e17e4f4f61a87f2257dc5d9c0be626651a64289a24abf6b36de7b97e96755fe65f3c985a7fbbd6cbfaf23552aadeca25841d8cd177e9373847db06b
- SSDEEP
  
  6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXmd7:Y+u9nx2GjMY3XKfd/H/9Pu7
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan