modiloader | 7cfbbb7db8702779f46a4068776d00a40ca45dbbf30e816a9e02f331d75eb6c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27b17a062f258fcd5e422e98c2791920_JaffaCakes118
Size

57KB
Sample

240706-h3nx5ssfqf
MD5

27b17a062f258fcd5e422e98c2791920
SHA1

f5537588ac160856e4ec6e17a9530c93fdcd7c01
SHA256

7cfbbb7db8702779f46a4068776d00a40ca45dbbf30e816a9e02f331d75eb6c9
SHA512

62cc3b9e7c5efc8ad56fa95590a9d5c17db481e49a29215c5427973a1c5cd6f32c376a65e2f07b3f36907fd4373c0d36870221bf6ed1aae403a8a3a017344e61
SSDEEP

1536:NmXKngPbQ4l5MnLH1pepUS0YVoEIy5nmU3z2rmrV:NEKgPs4laBEUYVoALDrJ

Score

10^/10

modiloader persistence trojan

Malware Config

Targets

- Target
  
  27b17a062f258fcd5e422e98c2791920_JaffaCakes118
- Size
  
  57KB
- MD5
  
  27b17a062f258fcd5e422e98c2791920
- SHA1
  
  f5537588ac160856e4ec6e17a9530c93fdcd7c01
- SHA256
  
  7cfbbb7db8702779f46a4068776d00a40ca45dbbf30e816a9e02f331d75eb6c9
- SHA512
  
  62cc3b9e7c5efc8ad56fa95590a9d5c17db481e49a29215c5427973a1c5cd6f32c376a65e2f07b3f36907fd4373c0d36870221bf6ed1aae403a8a3a017344e61
- SSDEEP
  
  1536:NmXKngPbQ4l5MnLH1pepUS0YVoEIy5nmU3z2rmrV:NEKgPs4laBEUYVoALDrJ
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan