modiloader | 850c747b308ad0ef5b8fb3ecd8d8bb6eb3d3bc2ef2963d61eae76c786cf55125 | Triage

Sharing

General

Target

a65a906aa39281a974f8b79ab3995c81_JaffaCakes118
Size

397KB
Sample

240613-taqf2syhnk
MD5

a65a906aa39281a974f8b79ab3995c81
SHA1

1dc18c1065b98de2ea1ba5c19809d04c14c8edce
SHA256

850c747b308ad0ef5b8fb3ecd8d8bb6eb3d3bc2ef2963d61eae76c786cf55125
SHA512

bc681cb217f548c469b762e29c10e86f89e62579afaf7b38853b559e282edb915808ae33985b9c87680b325d603a9e98310e36bbdff3237cfcbd138f08b27d25
SSDEEP

6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXxo7:Y+u9nx2GjMY3XKfd/H/9Pi7

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  a65a906aa39281a974f8b79ab3995c81_JaffaCakes118
- Size
  
  397KB
- MD5
  
  a65a906aa39281a974f8b79ab3995c81
- SHA1
  
  1dc18c1065b98de2ea1ba5c19809d04c14c8edce
- SHA256
  
  850c747b308ad0ef5b8fb3ecd8d8bb6eb3d3bc2ef2963d61eae76c786cf55125
- SHA512
  
  bc681cb217f548c469b762e29c10e86f89e62579afaf7b38853b559e282edb915808ae33985b9c87680b325d603a9e98310e36bbdff3237cfcbd138f08b27d25
- SSDEEP
  
  6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXxo7:Y+u9nx2GjMY3XKfd/H/9Pi7
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Modifies Installed Components in the registry
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan