modiloader | 27eaceda6b72c835120f73cbee9f389bc13bae6ff30900f658f8aab4127c6502

General

Target

27eaceda6b72c835120f73cbee9f389bc13bae6ff30900f658f8aab4127c6502N.exe
Size

294KB
Sample

241129-x5srfaslgx
MD5

9c7812b15fefd275c915b693b150c700
SHA1

1abe5655c33c5d546db09613c9b670122bb91705
SHA256

27eaceda6b72c835120f73cbee9f389bc13bae6ff30900f658f8aab4127c6502
SHA512

480cfaf51c828db8d5ffd8bbacb510b5be3ddaeb2c3e81f7a4114dfe7cf902cf0babba398715cd8d5b79c8259ea886a0b160f188a946bb6f5474550c644fb8d1
SSDEEP

6144:AVdYTgSfBuJAvrndiEdsgVwu/vUkvfnXzSEhvHXMjg:W5JAvrnvvz3Ek

Score

10^/10

Malware Config

Targets

- Target
  
  27eaceda6b72c835120f73cbee9f389bc13bae6ff30900f658f8aab4127c6502N.exe
- Size
  
  294KB
- MD5
  
  9c7812b15fefd275c915b693b150c700
- SHA1
  
  1abe5655c33c5d546db09613c9b670122bb91705
- SHA256
  
  27eaceda6b72c835120f73cbee9f389bc13bae6ff30900f658f8aab4127c6502
- SHA512
  
  480cfaf51c828db8d5ffd8bbacb510b5be3ddaeb2c3e81f7a4114dfe7cf902cf0babba398715cd8d5b79c8259ea886a0b160f188a946bb6f5474550c644fb8d1
- SSDEEP
  
  6144:AVdYTgSfBuJAvrndiEdsgVwu/vUkvfnXzSEhvHXMjg:W5JAvrnvvz3Ek
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

1

T1505

Terminal Services DLL

1

T1505.005

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Server Software Component: Terminal Services DLL

Deletes itself

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2