modiloader | 42c772a0ed9ef150670b0022196c19cc9cb2f687a5c4c1a01fa65cdf6385c2c0 | Triage

Sharing

General

Target

db1c7f5c7dc521466793ca47e2e1bf7e_JaffaCakes118
Size

60KB
Sample

240911-ylyc9azbpp
MD5

db1c7f5c7dc521466793ca47e2e1bf7e
SHA1

d225b69b2838a197376c9650e6b31dcbf08737e3
SHA256

42c772a0ed9ef150670b0022196c19cc9cb2f687a5c4c1a01fa65cdf6385c2c0
SHA512

b9c470f1770fbb4335e3776f48e74c73cbe4e7104f43ebf57104a97ba8e025b21f1ee1ecf670f12365b44f43fc973fbee55fedfef4c091bb6c15f568474e12e1
SSDEEP

1536:sR5qc1s+xzq4VsY2FTgRT2RvtHwA/lTJ:m1HFVj2Fc+vdwaV

Score

10^/10

modiloader discovery persistence trojan

Malware Config

Targets

- Target
  
  db1c7f5c7dc521466793ca47e2e1bf7e_JaffaCakes118
- Size
  
  60KB
- MD5
  
  db1c7f5c7dc521466793ca47e2e1bf7e
- SHA1
  
  d225b69b2838a197376c9650e6b31dcbf08737e3
- SHA256
  
  42c772a0ed9ef150670b0022196c19cc9cb2f687a5c4c1a01fa65cdf6385c2c0
- SHA512
  
  b9c470f1770fbb4335e3776f48e74c73cbe4e7104f43ebf57104a97ba8e025b21f1ee1ecf670f12365b44f43fc973fbee55fedfef4c091bb6c15f568474e12e1
- SSDEEP
  
  1536:sR5qc1s+xzq4VsY2FTgRT2RvtHwA/lTJ:m1HFVj2Fc+vdwaV
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan