modiloader | f7885c11381419f7de808bf882fc4c0f6d780ffc68358cf1304beda85da5ddf1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04d739b9c82b11b7e0bfd452ca8b3fdc_JaffaCakes118
Size

1.8MB
Sample

240620-lp1lka1bjh
MD5

04d739b9c82b11b7e0bfd452ca8b3fdc
SHA1

77b3132d4b8f31c80daf62fead987a8499781882
SHA256

f7885c11381419f7de808bf882fc4c0f6d780ffc68358cf1304beda85da5ddf1
SHA512

40f58919493ce1a10bda9ca1bdfa27225bd7d91346fe626adf3eb454d7e2d07892bce8e05a84a3298004b56a378ae499fbd6197dcb583da048c238c7bf483b2c
SSDEEP

49152:ivv4kwtAmQg+mOy50bb8rkQr+fah6m+wV6R5v:OwkwtAmQg+ml5obOkQr+fg6mz0T

Score

10^/10

modiloader bootkit linux persistence trojan upx

Malware Config

Targets

- Target
  
  Perl Editor/Breakpnt.exe
- Size
  
  414KB
- MD5
  
  1519f2664204424acd3fe48ead1ca26a
- SHA1
  
  de41c62355dadc564d80d2931d5e2d02c3cff4f9
- SHA256
  
  1300017580ecf5911accfb865f658f76facfa869a42c0b542e6c04931e02e431
- SHA512
  
  e3fed2e946c301caa974f15ac16e75d6873f1fbff2d565dc2769eb122c0f67ae42175719eb7a396a3cad0cfac800506ee347e7dfd98d69de6a8b36b9e202eb67
- SSDEEP
  
  12288:spCOyva7D/JcvzSKvgDhCGkW1meyUGpnYFPipu:s0wzOBvKhaW1HGlYME
Score

10^/10

modiloader bootkit persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  Perl Editor/Pleditor.chm
- Size
  
  94KB
- MD5
  
  e4a7f768c22b70118a7b0a99469a0b72
- SHA1
  
  c7cc1c4c6dcf6ea4e24de1603fee79f6bdca5bef
- SHA256
  
  2e20b075a9ca750dbbb0085c4f864356a442e0ba7880d1691b9a74d386b75670
- SHA512
  
  4904f8e523bac122936f6b06f2df856524fa430b7537c2638b6c0fe57e1f1d3391a8096d27b47f5506e395e10beee67183bd1c1082ff4d5367011e17a3a2cfd7
- SSDEEP
  
  1536:2twZtIuuKAC4MUJ194Xle6PLlUkEXO585QMUQOVhnv0u5Z6kMf7V9e2q6:JlNJUwltRf5O2rnvLPZe7Xh
Score

1^/10
behavioral3 behavioral4
- Target
  
  Perl Editor/Pleditor.exe
- Size
  
  2.8MB
- MD5
  
  3ed338db0dd1dfbc2c9e74c7b1b16119
- SHA1
  
  a50e456a09ccc4ba675d22fc945dd4d085e415ce
- SHA256
  
  25e6a02094a667ba5306da7dd2aee878340789b50c609f21f64ce89d140a02e6
- SHA512
  
  92f90d3ddf975520c5c13b97937c99c8223873604f8444ce3c3015a9cfa7efb7f805000166af16cff51d12ffa4930caf713329e08b0a39b26d5036b24032244f
- SSDEEP
  
  49152:niXY62/NyoHdy/tCjIGgsCaZxMQq3rMg4QqquVMqq:iXY6Zo98oj1gsCqMQq3rMg4QqqyMqq
Score

10^/10

modiloader trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  Perl Editor/Samples/cp-hello.pl
- Size
  
  241B
- MD5
  
  d924e8f76a44881a72458bc91526221f
- SHA1
  
  e5982010c4231be0931eb6dabfb7a8649229b0de
- SHA256
  
  528a6952dba46b59f31e69dc1d4800ad64d8c7de5b0c4a878f388248e821924d
- SHA512
  
  51ff0f950ce89fc43d9576489b91ec4fe374a6362b4f7ae8b16f5bf1672a0a9fe196ebd7c68bdd07c3c307bfcfd9ef338761069f9f8bc5b1e28a4cf8f44ece28
Score

1^/10
behavioral10 behavioral7 behavioral8 behavioral9
- Target
  
  Perl Editor/Samples/envvars.pl
- Size
  
  241B
- MD5
  
  baa1691c2ef8437bafa19cc62ba5696a
- SHA1
  
  9287dd3d13dab91d1b9e702b736ef069831340a5
- SHA256
  
  8daf61959952a9a93ea3efb72720514569b9da54f712a3bbb342e682d0217e7a
- SHA512
  
  ad14ebb47ad82923f0e3d944c36d21fe0a68d5f72ce649bbd80a720d2cbaa4b26a047dc23c16852416cb40897f6fcac5e88d6b0dad8233680349890c9a7d5682
Score

1^/10
behavioral11 behavioral12 behavioral13 behavioral14
- Target
  
  Perl Editor/Samples/hello.pl
- Size
  
  98B
- MD5
  
  31b6e6dc30369aeed1b21e7b8c0185bf
- SHA1
  
  5a3181a8ac9c0c2235a2bbbef5a2cd345e237a02
- SHA256
  
  5882e8122b7727db8dcf8d61f3598ddeee4d30ec90089f45f1df49d74be2e49a
- SHA512
  
  1b384f715d4e5e539c9c3e9e364b5a8efee3bbb49ec3fc200b9a09d779b54e5867d06124b1f1e47217dceadeb235312118ed8e3fd03beff66cb62b2b443335a6
Score

1^/10
behavioral15 behavioral16 behavioral17 behavioral18
- Target
  
  Perl Editor/Samples/oldform.pl
- Size
  
  851B
- MD5
  
  a196186fd7dc74afce35a18a660bb5c0
- SHA1
  
  0d4adc5a005c04610215e071c897ad727cc78cd8
- SHA256
  
  1de23a12351ccf6fdd17124bcad4b8c5d91074a1544658102fc046c66f4f380c
- SHA512
  
  7e56012bc46d131089dc9956d499ca39c3094ed9d563bf197413a309de5090e52589cac64d4a8b50def2173d7c673d48e987809009118dc90ba6a72a5bd978ae
Score

1^/10
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  Perl Editor/Samples/param.pl
- Size
  
  154B
- MD5
  
  ba100d5c8bc5baae23a40a73429d310a
- SHA1
  
  31ec8b0a4ca0a33dbef87218af4c66e74fdfa306
- SHA256
  
  53afe61729fbbbd148ebd978730c9a96878566c7ea2e625ab89eda5e2654445c
- SHA512
  
  e457ccaced3e5cb117b2df4f052fc1c1239ed068c3f6ee2f611533efc5598f00402ab05438cade549a801a68f92e4184d6d93b723acb0499a17ad5833af7fc5e
Score

1^/10
behavioral23 behavioral24 behavioral25 behavioral26
- Target
  
  Perl Editor/Samples/time.pl
- Size
  
  957B
- MD5
  
  0a83d33a4586b9f1d654cbca68b5da65
- SHA1
  
  c14e65d31e03e83669435bc400bfdf2b8973fe57
- SHA256
  
  6404ae64326712b41bb9d63223d3656992f870173125ae76087ba3a4711d8f27
- SHA512
  
  3983542c53e439baadc93da97db9b8f613ab9126882ea23cf5cfbf77157323569b69645b6bb2b674d014a3d108850028dc5089db2e1a1f2c115091812c65a801
Score

1^/10
behavioral27 behavioral28 behavioral29 behavioral30
- Target
  
  Perl Editor/Uploader.exe
- Size
  
  411KB
- MD5
  
  fc76344a18efe756aab51695ea7a3d5a
- SHA1
  
  6d7e91801ffc03aeecedfe2e4d5744a3ba2967a9
- SHA256
  
  1ec0e12f201a3b790c53a2d29c3f285aaff9080b5bab09cd1fee73089b36fbe0
- SHA512
  
  30e69e9f13ceb10f3d1c6b43efe9a54c9650c7cc21d484606441e4f1ae2e0913c72ec5c3e1d93b5718be60ce0f74615bf3eec726f5ecfb955e2d2ffaade57cfa
- SSDEEP
  
  12288:1GTEGS1SPPNwrvZj4+xZq4JW1meyUGpiV0ml0:1WEx1SPVohvJW1HGA0my
Score

10^/10

modiloader bootkit persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderbootkitpersistencetrojan

behavioral2

modiloadertrojan

behavioral3

behavioral4

behavioral5

modiloadertrojanupx

behavioral6

modiloadertrojanupx

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

modiloaderbootkitpersistencetrojan

behavioral32

modiloadertrojan