modiloader | fe686b4b079ba988bfc5fb525c402ab703c31d2efe8ebca3cfb3198b1b949ce1

Sharing

Copy URL

Twitter E-mail

General

Target

abfb3723cdc0973524e55a1b585e8d4a_JaffaCakes118
Size

477KB
Sample

241128-mcc56strgy
MD5

abfb3723cdc0973524e55a1b585e8d4a
SHA1

24b60f0c5dddf7c5121d7df888d5616e337011e8
SHA256

fe686b4b079ba988bfc5fb525c402ab703c31d2efe8ebca3cfb3198b1b949ce1
SHA512

d9a50af889f9bb98cdf588ae0319bda5e050adefec8ef0f98a29baab4ed59cff115a55536871bdc10bc137e637ec5092196952648a703be69ab02b76e1c31556
SSDEEP

12288:P0tHnt5RrYQdb2lhM1/AcFaH83XVnBdwODOZW7kLf:c9l04ilh9CaH8HJGWQ7

Score

10^/10

Malware Config

Targets

- Target
  
  20041206224715280/77169.org˵.htm
- Size
  
  5KB
- MD5
  
  d122408c88ea147d35137fa775d78d32
- SHA1
  
  818dfc81160c9e783e195d914d4b2ad81417a2d2
- SHA256
  
  1a246e720e02d8b2f9c59eebb673e48885d6d7a8fb194b5f4f0de57df28c4812
- SHA512
  
  4c1963e822bd52ced208c5906de4901349717b5fed2367b028a4dc8923d8c04f0fa25b8b9c5cf32391acc750a594de4107af71118416cfbe04a53b326634b917
- SSDEEP
  
  96:m1OQF/fRA2RWhwM6w6mheySgh/SnqjQhhwQ0660X8bJhnYOPMj1zNMXlGvak:mXF/JA0VdIYehN2hwQpZ+JhnYOPMjxNJ
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  20041206224715280/Client.CHS
- Size
  
  137KB
- MD5
  
  0a33a582096615809f6777363a9a7621
- SHA1
  
  9cfe9724684f4843930977eff21e6526c3b6eadb
- SHA256
  
  36d127f8488c7236abb52b0de668fab771d4c79d0e585b4780c9b704338b623c
- SHA512
  
  caf2f5a195bf59a696c30ac6c34670e655e1b1683de026259540aeac0e412618ebe588a448a2d650d853d6c0010859b8372ebd54d25a325df71d901ac5cef346
- SSDEEP
  
  768:fyTFx0nFuN2A9pcrjfh1EcgJl5WK+rWmxxyTprWXxI8prWXxIMprWXxIFprWXxIw:+eFPASjIcgr5ZLTwgpOWEh66O8As5n5
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  20041206224715280/Client.exe
- Size
  
  309KB
- MD5
  
  4c129737610e38491c2d98cf0b4402b6
- SHA1
  
  08ff4f042053d6171e3c8bdcf727384d3a0bc6d1
- SHA256
  
  752a1cc44476a633cab2acc04eb01c32c68af2afbacbd8e8e65b45c55dd24881
- SHA512
  
  7b2de980f9a355cc196f0f442e9be3d760ec09e8ac94e75bd44d9e589401f2003c6f8cee1799e6519a0215721c4a315736b0db5391e81ea13e5631986a7f0dc9
- SSDEEP
  
  6144:I+LX9TnhE9hHunknoaR4+u1+O1pPMwRj3486U612U:hXxhEhR9u1+OPPMGjI8R612
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
behavioral5 behavioral6
- Target
  
  20041206224715280/cgilogger/README.txt
- Size
  
  10KB
- MD5
  
  1ecf1dcfc26c9b7559baa5d527378257
- SHA1
  
  09d0bcd9d4dfc77aa63f02ae4bd7b165127efa98
- SHA256
  
  6c256fcadd537f3ffbdb9f0e1e57946141defbf5fa4155ce84443380276ae6cc
- SHA512
  
  d41014d85be6bccfe7d9a65ee4560496cef2285d7f9006470b0c8c36cfbbfaacc2ec83157275dd827e685c96790a2663f5d2be82ae88c4af1a8b07bd29b0183d
- SSDEEP
  
  192:PBDQoJ0HNJIqMAvxQPS3AHtyMAT9JZnMVbudxsCWjfcPQJHcc8Y5:3J+0QK8AHt1uTnWbdHcct5
Score

1^/10
behavioral7 behavioral8
- Target
  
  20041206224715280/cgilogger/setup.cgi
- Size
  
  15KB
- MD5
  
  86be38f00562db610b793b264700a9bb
- SHA1
  
  f30e7c822ab79fb3c0852b42c0df990a88a35e93
- SHA256
  
  7a1cdc4657a9ad76631e6f084eaac6085ab28001e66634207e78e65f82438806
- SHA512
  
  66172fdce1d1477e318135c0eba1f4606d27cb806a64637ec0915447721ef4a119d1faffe130c39033fd9a75a4098a01ab04480001f99f3a99680ed9dabbb078
- SSDEEP
  
  192:tYN8eNBxD8Y/pEO69KM4Ito9vNORuKvluRAIicEvE3TKJwgVTX2:m60NJ7M4rOMYURA7aOi
Score

6^/10

execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral10 behavioral9
- Target
  
  20041206224715280/cgilogger/subseven.cgi
- Size
  
  76KB
- MD5
  
  479625ab7b54c65ae34c9a1bafeab345
- SHA1
  
  0fe817240d945b876172c0a2db06d0e7492b4506
- SHA256
  
  ff7e55607ebb548fb761049078e5e0e46ed112499126f39b104ceb115741a295
- SHA512
  
  e44c70682fac5d0c2e5c68f106a08be268c49c4f0ae2bd529127f1d5cdf1d4c5b2974d7f5afb985c557e30a940be3f5db41008c54aef0cb3c5ea61fd94623dcc
- SSDEEP
  
  768:pNvnCfbsFL8x6GKBNdwFKuD7vA4T26wP7MMKKnpemtzGfPPNGOpd4Xc6+Tl5PqV6:pVC8L8N8XuYvJsGOpd4Xv+Tl5PqA
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  20041206224715280/server.exe
- Size
  
  217KB
- MD5
  
  b085280cbbf3d0fd3a5464baeefa1ead
- SHA1
  
  27ac1205e90a4a5036cbd776dbd16fc1b6857b8f
- SHA256
  
  676cc781d63343a5511666f88409822d87fee0f5680b4d9281527cd67aed1983
- SHA512
  
  b90715c6cbcf2070ebbebe04026a724230f7a2c69504e3a716ae01e9e541bf9450d75145cdbeff1c7b51ab22b4d05ea86303af779b226671724d99a1f18587e2
- SSDEEP
  
  6144:dteS9JWLN2dAlHz+kjuPyD6takN0RrjBAci:/9JsIdAlHz+9fSjBAN
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  20041206224715280/ĺڿͬ.url
- Size
  
  76B
- MD5
  
  05ed0537b8052c33a9096c68b4d1d905
- SHA1
  
  19fccec1f302e67908f386ac239d31e2edd7b820
- SHA256
  
  0aeee0ba3eac8e4787109250c895aa0cfbce84416acdec154c33129cb65a56e9
- SHA512
  
  d633e68263362b027c53df7a3d463ab6db8361702f718670f1717cea6785f4d7a3abcae77d8bb27b40221ef47c54b4ddead00c690468b9339235848948071127
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Command and Scripting Interpreter: PowerShell

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16