modiloader | 4410fd44f9c8afef8f62d88ed72d3992332e3d8b27bff4652ef7c27cf2f70d09 | Triage

Sharing

General

Target

executor.zip
Size

4.3MB
Sample

240906-prgs1sxbka
MD5

d17c35a0cefd60807be8cbfee2294a44
SHA1

630a90345d4f309d817d4a40701c8239395c9006
SHA256

4410fd44f9c8afef8f62d88ed72d3992332e3d8b27bff4652ef7c27cf2f70d09
SHA512

30f4cdfa70679182f511596cf314e88252436de35ac68b7761f128eeab7c236b1226ae66914963d5fecf77562fcbcb7c31b4c00cc0795977596851fefef5462a
SSDEEP

98304:wGrQP4z/ZqNJhUVhPKPQmyenapcLx65JA2HwFPK9dbqYZtdR+Wic:wGrU4zxqExNle2+xUr9dbnZtD+WZ

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Malware Config

Targets

- Target
  
  Bloxstrap-v2.7.0.exe
- Size
  
  10.1MB
- MD5
  
  2c752edef5b0aa0962a3e01c4c82a2fa
- SHA1
  
  9c3afd1c63f2b0dbdc2dc487709471222d2cb81e
- SHA256
  
  891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8
- SHA512
  
  04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe
- SSDEEP
  
  98304:TYd5DQd5Dk9Tsed5DogTrBKvGWD3nIOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrT4:Tasx3vG6IObAbN0T
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  BootstrapperV1.14.exe
- Size
  
  421KB
- MD5
  
  17020d673c9355ed597bf69dddbd0b68
- SHA1
  
  b524e4e65526e8cf65b6ea60c080b60ad738a44c
- SHA256
  
  b70a30f72b328ae08926a668d94bbf15c45abc50e57667a3d9ab6d61fa4c417b
- SHA512
  
  ade8acdbb7a689351b57ed02d89aa03b9ed15b7dfff84b99fc5a7d365f34467a8f4f60ad82fc05ea0fc95aee99c5a00ada53bf1ce1f2bf7f0ee6d1ea7e98ffb4
- SSDEEP
  
  6144:hLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXouPhG:p+u9nx2GjMY3XKfd/H/9PrPhG
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan