modiloader | 6af7f8eb3080f151a0c37874cae90216f9d862705e09027a1985a1dd5f61db1b | Triage

Sharing

General

Target

e6a885b0de5714a18c45a4e059a74309_JaffaCakes118
Size

677KB
Sample

240917-mxql1aygrj
MD5

e6a885b0de5714a18c45a4e059a74309
SHA1

7b4ebafb6ccbd7478151817e5e3193a64b64e8f3
SHA256

6af7f8eb3080f151a0c37874cae90216f9d862705e09027a1985a1dd5f61db1b
SHA512

7ca481468e326bd1d4137f5bac87fe633edbe9dd240034454373c186f0d0f479f11600a0986f3a3ca074ccc222a4f06c2162e6090bcb634664f1e85108866d8e
SSDEEP

12288:A7+qVWNU8vAKmwZ1DvVxz++MW5QMhAM9m96ggm:QeYKmwZ1LTMW5QMh3946

Score

10^/10

modiloader discovery persistence trojan

Malware Config

Targets

- Target
  
  e6a885b0de5714a18c45a4e059a74309_JaffaCakes118
- Size
  
  677KB
- MD5
  
  e6a885b0de5714a18c45a4e059a74309
- SHA1
  
  7b4ebafb6ccbd7478151817e5e3193a64b64e8f3
- SHA256
  
  6af7f8eb3080f151a0c37874cae90216f9d862705e09027a1985a1dd5f61db1b
- SHA512
  
  7ca481468e326bd1d4137f5bac87fe633edbe9dd240034454373c186f0d0f479f11600a0986f3a3ca074ccc222a4f06c2162e6090bcb634664f1e85108866d8e
- SSDEEP
  
  12288:A7+qVWNU8vAKmwZ1DvVxz++MW5QMhAM9m96ggm:QeYKmwZ1LTMW5QMh3946
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan