modiloader | 3bfbc49b9bc33806092af8ac33deb3633e1077a9826c89da19790175b191092b | Triage

Sharing

General

Target

2518cfc60760d17344fe8f898bf9a082_JaffaCakes118
Size

610KB
Sample

240704-h6zttazgpm
MD5

2518cfc60760d17344fe8f898bf9a082
SHA1

f19c70d9aa760374fcdac552927cbd15dceaf8da
SHA256

3bfbc49b9bc33806092af8ac33deb3633e1077a9826c89da19790175b191092b
SHA512

c955b909698f0cc90cc5d5f94e379ab6a99dcbe24baacda0ffb8a828600a24fa9599abfb0c411208de6a2147a3fe9891419535549a35597ccb21ec4d3a762db1
SSDEEP

12288:b8R/rH+Poc+8SYR6+z9zfL9ri2K+RF3Z4mxx/DqVTVOCYH:wlH+PP+BYR6+NfLE2KOQmX+VTzq

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  2518cfc60760d17344fe8f898bf9a082_JaffaCakes118
- Size
  
  610KB
- MD5
  
  2518cfc60760d17344fe8f898bf9a082
- SHA1
  
  f19c70d9aa760374fcdac552927cbd15dceaf8da
- SHA256
  
  3bfbc49b9bc33806092af8ac33deb3633e1077a9826c89da19790175b191092b
- SHA512
  
  c955b909698f0cc90cc5d5f94e379ab6a99dcbe24baacda0ffb8a828600a24fa9599abfb0c411208de6a2147a3fe9891419535549a35597ccb21ec4d3a762db1
- SSDEEP
  
  12288:b8R/rH+Poc+8SYR6+z9zfL9ri2K+RF3Z4mxx/DqVTVOCYH:wlH+PP+BYR6+NfLE2KOQmX+VTzq
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan