modiloader | 8a02e1cc6e87a0871205eceaeb44116dde56aa5fab020c812e1079b9a7e27c60

General

Target

3371ebfe7d6021d6c7c9b944670ca148_JaffaCakes118
Size

82KB
Sample

240710-f1aavs1bqh
MD5

3371ebfe7d6021d6c7c9b944670ca148
SHA1

5bb36cd57bf3c9cda624b08fe51a347bbad7ee13
SHA256

8a02e1cc6e87a0871205eceaeb44116dde56aa5fab020c812e1079b9a7e27c60
SHA512

6d5eb88eb7939e57e1d17c94450b18929ab3de55361f77d225404961959d2cbcb1df59e6fe25d3ea9fbb91bcc5e3184a6bba75a00fa76c11f5ef1bfe697486c4
SSDEEP

1536:fLNq/8ECJj6kZSAHcL3fXijjQUoKIVkcIYjt5Ee6wG:fPdZSAMfXiPTIVvIYjLawG

Score

10^/10

Malware Config

Targets

- Target
  
  3371ebfe7d6021d6c7c9b944670ca148_JaffaCakes118
- Size
  
  82KB
- MD5
  
  3371ebfe7d6021d6c7c9b944670ca148
- SHA1
  
  5bb36cd57bf3c9cda624b08fe51a347bbad7ee13
- SHA256
  
  8a02e1cc6e87a0871205eceaeb44116dde56aa5fab020c812e1079b9a7e27c60
- SHA512
  
  6d5eb88eb7939e57e1d17c94450b18929ab3de55361f77d225404961959d2cbcb1df59e6fe25d3ea9fbb91bcc5e3184a6bba75a00fa76c11f5ef1bfe697486c4
- SSDEEP
  
  1536:fLNq/8ECJj6kZSAHcL3fXijjQUoKIVkcIYjt5Ee6wG:fPdZSAMfXiPTIVvIYjLawG
Score

10^/10

modiloader discovery spyware stealer trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2