modiloader | 5ad617d7cd409f9695a6d1e03d38faa5d07982920a0b4273c6da200038102f2a | Triage

Sharing

General

Target

8c9ce1ce86ccf0e09154ac9a466104e5_JaffaCakes118
Size

397KB
Sample

240602-czmysagd57
MD5

8c9ce1ce86ccf0e09154ac9a466104e5
SHA1

f640aa0356d1688db801892a0c245438295189b2
SHA256

5ad617d7cd409f9695a6d1e03d38faa5d07982920a0b4273c6da200038102f2a
SHA512

3bceb871873f3f4bd176cb9b38d3f2a3e2caaafeb2e8c3c8e1f8d85c0b8517526ee2ff9862a806c2905f45aa4151a3d2a5886ba4af00229055db98e4a95ab73f
SSDEEP

6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXmj7:Y+u9nx2GjMY3XKfd/H/9Pk7

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  8c9ce1ce86ccf0e09154ac9a466104e5_JaffaCakes118
- Size
  
  397KB
- MD5
  
  8c9ce1ce86ccf0e09154ac9a466104e5
- SHA1
  
  f640aa0356d1688db801892a0c245438295189b2
- SHA256
  
  5ad617d7cd409f9695a6d1e03d38faa5d07982920a0b4273c6da200038102f2a
- SHA512
  
  3bceb871873f3f4bd176cb9b38d3f2a3e2caaafeb2e8c3c8e1f8d85c0b8517526ee2ff9862a806c2905f45aa4151a3d2a5886ba4af00229055db98e4a95ab73f
- SSDEEP
  
  6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXmj7:Y+u9nx2GjMY3XKfd/H/9Pk7
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan