modiloader | 4fdc32f43e8b2388eaedbd3cfd2989a8ae86357887b0f76280c4c7903b6cf291 | Triage

Submit
Reports

Overview

overview

Static

static

1

TahsilatMa...df.cmd

windows7-x64

TahsilatMa...df.cmd

windows10-2004-x64

Sharing

General

Target

TahsilatMakbuzu.pdf.Tar
Size

781KB
Sample

240612-tc1pssvbnp
MD5

b417c14cc1cdb0a69f0a82eafa83a5b0
SHA1

2c84af2439bb438616ff245efdd3f990d87f60d7
SHA256

4fdc32f43e8b2388eaedbd3cfd2989a8ae86357887b0f76280c4c7903b6cf291
SHA512

dc1691533e66ced910b53006d1c8641796865e78f7be5ccd3cd0556971ad88c0c2f5259a3163c54e3f0d28f42cb375bd6be32acc7cb9b1c83acb5a28f22a919f
SSDEEP

12288:RwmqCRaJC539c4BYR2tlioFcrdPTrSdUalh98yozIvuwL/IWnbzM8AlKbjdGF6x:RLhQR6l4rpKOwW/ImwpvMRgbl

Score

10^/10

modiloader execution persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

TahsilatMakbuzu.pdf.cmd

Resource

win7-20240611-en

modiloader persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

TahsilatMakbuzu.pdf.cmd

Resource

win10v2004-20240611-en

modiloader execution persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  TahsilatMakbuzu.pdf.cmd
- Size
  
  3.1MB
- MD5
  
  954ce5748eb4c9443e5f371e9011ed49
- SHA1
  
  46141d9c529a1445dc7f749252eceb1d534e1f7f
- SHA256
  
  08966de468601537e7b35dca3795e41b124d9d3849caefae0e9e7eae182cc57b
- SHA512
  
  3a6d243ce8a26fac7a11dc4fda7816c6f46f7041cfd6808dc110738c6f56fdcd0e19b295cd70ecfb4bbc4628a8076c7026113007c1e2db1b86b49819e61ae1fe
- SSDEEP
  
  49152:dmcZjA7xaJ7ArADAFbceewfaoiq440nE2uNfANfWiHtB:P
Score

10^/10

modiloader persistence trojan execution
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderexecutionpersistencetrojan

© 2018-2024

Terms | Privacy