modiloader | 7d2716f3b79db643b7655c6ff6fdb50c020c6a2a38c6b5b4b92c2ed4ca0aad3e | Triage

Sharing

General

Target

7d2716f3b79db643b7655c6ff6fdb50c020c6a2a38c6b5b4b92c2ed4ca0aad3e.exe
Size

397KB
Sample

241202-gsfncaxrfj
MD5

ddce9a37dd70bcc41a12995ff970b467
SHA1

5458fd2c71ddc8b62bf32ddea8f76b3edac18c3c
SHA256

7d2716f3b79db643b7655c6ff6fdb50c020c6a2a38c6b5b4b92c2ed4ca0aad3e
SHA512

3607e77692852d15def7cad717f6879651de285d40cefac8598a92dd682b3b41994aa0eb6eb4f14455c97ab939daa9bca430a994666de4c7257ab88b8d3fdaf9
SSDEEP

6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXz4D:Y+u9nx2GjMY3XKfd/H/9PMD

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Malware Config

Targets

- Target
  
  7d2716f3b79db643b7655c6ff6fdb50c020c6a2a38c6b5b4b92c2ed4ca0aad3e.exe
- Size
  
  397KB
- MD5
  
  ddce9a37dd70bcc41a12995ff970b467
- SHA1
  
  5458fd2c71ddc8b62bf32ddea8f76b3edac18c3c
- SHA256
  
  7d2716f3b79db643b7655c6ff6fdb50c020c6a2a38c6b5b4b92c2ed4ca0aad3e
- SHA512
  
  3607e77692852d15def7cad717f6879651de285d40cefac8598a92dd682b3b41994aa0eb6eb4f14455c97ab939daa9bca430a994666de4c7257ab88b8d3fdaf9
- SSDEEP
  
  6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXz4D:Y+u9nx2GjMY3XKfd/H/9PMD
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan