modiloader | 10d02f3815aeb598a24ab47786f320beea551cc36bd672ae63179c4cbbe25443

Resubmissions

09-06-2024 06:34

240609-hb53caeh8y 4

09-06-2024 06:34

240609-hbym9seh71 4

09-06-2024 06:33

240609-hbpelafg39 10

09-06-2024 04:19

240609-exhx6ade5z 10

Sharing

Copy URL

Twitter E-mail

General

Target

af9e835fc667bc0d5623fb958c85d10e.bin
Size

1.0MB
Sample

240609-hbpelafg39
MD5

64402e6518317838ba4024613c1fbdb3
SHA1

8a2814294bbac9386228296551974e54022edcfd
SHA256

10d02f3815aeb598a24ab47786f320beea551cc36bd672ae63179c4cbbe25443
SHA512

5acdb74a8aa8b9791e79a080970407b0e36a7adad0651756c7ffd34f322ba9320d6ebbed564dd7b3bbb1ebf78987ddc35cbeac99f831ef496b320210dae74267
SSDEEP

24576:mbCDVkaJecvOONSXQ4O8gINX11SnaeSiwPd4FCb8ijbbR:GSkaJsOYXQbINX1//iwPaUb8ijfR

Score

10^/10

Malware Config

Targets

- Target
  
  b4e86c38b2b424b473220586c583c7da8ecb98d192581ef0ba37774911cf8351.cmd
- Size
  
  3.6MB
- MD5
  
  af9e835fc667bc0d5623fb958c85d10e
- SHA1
  
  38d325758725552205de9ab138cb0828c7b632bf
- SHA256
  
  b4e86c38b2b424b473220586c583c7da8ecb98d192581ef0ba37774911cf8351
- SHA512
  
  e690c98c0f265262049624576b55b3f792e8a59ba230594f24ac740924faa27a1ee8acb7e3eac511a0c181d0554b785113e31e410746ce7c948a119689cb323f
- SSDEEP
  
  49152:vgk00JywMTAermhoGyBDj1kwXui5zlrT2Da0QhEQ:A
Score

10^/10

modiloader persistence trojan execution
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2