modiloader | c479b75d73c77b3c5aed7602e6b25f954c82161a7690a689b4cba7ebbd5f09e2 | Triage

Sharing

General

Target

029a7db15bc7043ac96b6bfaad802f6d_JaffaCakes118
Size

3.5MB
Sample

240620-ehqz8axelg
MD5

029a7db15bc7043ac96b6bfaad802f6d
SHA1

03f47d8258ecafe09fc7044999271f9b8e2c9368
SHA256

c479b75d73c77b3c5aed7602e6b25f954c82161a7690a689b4cba7ebbd5f09e2
SHA512

9deb706d0eeebd6ff95f6a5936adecd5721197282276525e724354bc67c1f27173134b1d53aa3ff23dc55394d330e68907f9ed3f9aaedb69b0dcd89614564ebb
SSDEEP

98304:11Pkva2R5bDVYPpXwVzSJUrD6/3DVRDp/HyuzLo:11PkyobD6p0mWW/fDVNc

Score

10^/10

modiloader bootkit persistence trojan

Malware Config

Targets

- Target
  
  029a7db15bc7043ac96b6bfaad802f6d_JaffaCakes118
- Size
  
  3.5MB
- MD5
  
  029a7db15bc7043ac96b6bfaad802f6d
- SHA1
  
  03f47d8258ecafe09fc7044999271f9b8e2c9368
- SHA256
  
  c479b75d73c77b3c5aed7602e6b25f954c82161a7690a689b4cba7ebbd5f09e2
- SHA512
  
  9deb706d0eeebd6ff95f6a5936adecd5721197282276525e724354bc67c1f27173134b1d53aa3ff23dc55394d330e68907f9ed3f9aaedb69b0dcd89614564ebb
- SSDEEP
  
  98304:11Pkva2R5bDVYPpXwVzSJUrD6/3DVRDp/HyuzLo:11PkyobD6p0mWW/fDVNc
Score

10^/10

modiloader bootkit persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderbootkitpersistencetrojan

behavioral2