modiloader | f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8514f4c038ed19f0b963c4374c283ce4_JaffaCakes118
Size

1.2MB
Sample

240810-g2sdhashqe
MD5

8514f4c038ed19f0b963c4374c283ce4
SHA1

7feb015a7ff690ec7bd8c425e4185674ecb1a8e2
SHA256

f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9
SHA512

e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689
SSDEEP

24576:ZypbVZrkuOx/dIdBI6qiv1NEgprytkV0tO8wn:ZypUWZ1YtkVqO8O

Score

10^/10

modiloader discovery trojan

Malware Config

Extracted

Family

modiloader

C2

https://cdn.discordapp.com/attachments/748093730522791950/760005497381715978/Aqjiiiz

Targets

- Target
  
  8514f4c038ed19f0b963c4374c283ce4_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  8514f4c038ed19f0b963c4374c283ce4
- SHA1
  
  7feb015a7ff690ec7bd8c425e4185674ecb1a8e2
- SHA256
  
  f5e90cf4317c1bbc07bfa3714bb47d09b3e76aec719e426cbc9d9ba16a7820a9
- SHA512
  
  e0a5712d7618c8ba18fd78250db2cc465471b2b8db59326ed33b34e9e0456d78e6379e946aae71569087fa3d07a33ca6ef03d98745808a6cbc40cc5adf85d689
- SSDEEP
  
  24576:ZypbVZrkuOx/dIdBI6qiv1NEgprytkV0tO8wn:ZypUWZ1YtkVqO8O
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan