modiloader | 9012a47a33830ca75305a1648ff073143561cd7b102e93563a1eda196be3840d

Sharing

Copy URL

Twitter E-mail

General

Target

d548be88a497ba3479e5d009e5bb33e3_JaffaCakes118
Size

1.0MB
Sample

240908-3gdv9s1arn
MD5

d548be88a497ba3479e5d009e5bb33e3
SHA1

f05a54393175d97a18204e6eecba6a45deec7875
SHA256

9012a47a33830ca75305a1648ff073143561cd7b102e93563a1eda196be3840d
SHA512

47f914a34b3e9122b85efa7cc45c4a14d57aa89c08eac8c948a09f74ba90dfa371e18eda19bbb0b9b6404e1e57e51efc80fce603bdb0ffa23a3a3c0e8dbd44f7
SSDEEP

24576:dXPcHdC+xs9FiVhjFgxDcEu6jfxiFjgXce9slW8kA1NKjAICuQr:dXPccvbiVhRmDcEgJcciyDzxf

Score

10^/10

Malware Config

Targets

- Target
  
  Shut Down Expert/Help.chm
- Size
  
  360KB
- MD5
  
  6928480e58bf85c8fa54201d17df2abe
- SHA1
  
  cd5ae880baac26e4c14f49f14bc3100cd798f429
- SHA256
  
  c9e01953c13cc23f526a7769dc9ac0d748b93c624f009ad2a46ea5e6f3f04cb4
- SHA512
  
  16a62a36e351f068779a9d50030349cf86382782a628ce5b6efcff5d4f02e8dfced42c6945dfbf3b1289b3df557521a33a941954a9e20ffcfebdd6450776dcee
- SSDEEP
  
  6144:ntM5ZkKBCoulWbZGW32J2MfwuC3iHHsWEui/5iNWLjawepJtpVURyGoPvve88DMG:tMLknd2ZGP2EwuC3iHMWEJhfvawejHG5
Score

1^/10
behavioral1 behavioral2
- Target
  
  Shut Down Expert/SDECmd.exe
- Size
  
  119KB
- MD5
  
  6cc79939138a07e43bcc614a6ba3e8e9
- SHA1
  
  eb5c9973f2cad3412c3490fb0c07e32d4e936e47
- SHA256
  
  c1e11906125c25e58153b9f115f4d6b5435bf9f0f7050ca77f9fc002211da366
- SHA512
  
  25b50b399d9d6b1e5ed9926504cbfffd45f3aa72cd7dd4aaf634769444c07cb312cd427bf09e82f37432b3d262df472256f7ffafd19bbd94cb6f3c7254cbe82a
- SSDEEP
  
  3072:U4GePurpDaokNgnKdDgkbCwe2gqrGkIlxbHCGQ7ojR:jPudggnVwEZHE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Shut Down Expert/SDEServ.exe
- Size
  
  514KB
- MD5
  
  380ce1d5bd057f1cebef0eff292ef06c
- SHA1
  
  655c87942bb1b983548925d1110bef25ee715644
- SHA256
  
  f4d66e8e244389baac8c2229d8eb162f187c1e34a0d7dd8dbb35ac72923d9944
- SHA512
  
  c2c48c69d8de04491c844ac39d9601269402433fc230f9e23b2384e320b23d8de3df9bef15221168bab7d4bb7cb4a03124842180ee5a3a94c0d844934639e3bc
- SSDEEP
  
  6144:IXLBh7N5GTqmBlioRxzYDtP9oaS73JfM3HYW5J6rDpm9KjnHmMEtcYiGeAt0H5W/:MBxDGGqiogKrKX5J6f7nGMiWT5h3S1
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Shut Down Expert/ShutDown.exe
- Size
  
  444KB
- MD5
  
  2138c5f990ff9c7a338a10655331d0f3
- SHA1
  
  372651f8045e24c47aca3bc208d8e3133608d3a9
- SHA256
  
  85617d13c547c48d934fcb8fa40a89970119ef8c62514f70ca07b1b74050dd8f
- SHA512
  
  4af5807054541b6989f524e88f5499b1337364013cb5831e4a104d6bafe90803ffd328688e5923f9fce1ed0fa10d69d60976d832a876c2a5fed36f45fec3e63b
- SSDEEP
  
  12288:cxbCnXN2sGtWSIXZpD9oqBMwAyX8/SN6F:cx4NcWpZp5BTAys/V
Score

10^/10

modiloader discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader First Stage

UPX packed file

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8