modiloader | c58859e13bb3afe16416c530f444066a136c221811403dcddde1595adbcfd1d9 | Triage

Sharing

General

Target

e8f8a8237cf663f3a2afdb6b45d5d418_JaffaCakes118
Size

453KB
Sample

241213-apbrnasnby
MD5

e8f8a8237cf663f3a2afdb6b45d5d418
SHA1

0b9da9813e79f06cc7d8f67e4905326889390eb3
SHA256

c58859e13bb3afe16416c530f444066a136c221811403dcddde1595adbcfd1d9
SHA512

fb455f562afd71ddc3dc8bbd50054556bd2543b2458911af526df8ab14dd32c3f87ff0b6c9a2ce54ef05c60bf9c60115c4975abaea1396fa6edbffbf88e5ee30
SSDEEP

12288:l+P3pEky87C3RxuRna2/GxtSJLmtdnmjQbF8rW:sPZEkJgR8Rna2/GxElmtdnnt

Score

10^/10

modiloader discovery trojan

Malware Config

Targets

- Target
  
  LiQQ/77169.org˵.htm
- Size
  
  5KB
- MD5
  
  d122408c88ea147d35137fa775d78d32
- SHA1
  
  818dfc81160c9e783e195d914d4b2ad81417a2d2
- SHA256
  
  1a246e720e02d8b2f9c59eebb673e48885d6d7a8fb194b5f4f0de57df28c4812
- SHA512
  
  4c1963e822bd52ced208c5906de4901349717b5fed2367b028a4dc8923d8c04f0fa25b8b9c5cf32391acc750a594de4107af71118416cfbe04a53b326634b917
- SSDEEP
  
  96:m1OQF/fRA2RWhwM6w6mheySgh/SnqjQhhwQ0660X8bJhnYOPMj1zNMXlGvak:mXF/JA0VdIYehN2hwQpZ+JhnYOPMjxNJ
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  LiQQ/LiQQ.exe
- Size
  
  875KB
- MD5
  
  4e12fffe7cc173e934c5b47ce6c55b51
- SHA1
  
  15a5e88deaa16d276eccdf95386c8b3df2b9e15c
- SHA256
  
  e8e45f1a8b9bda820ba5a1478c5685c3a66164e87ac053eddcd2b2450e88a188
- SHA512
  
  6009431c0c28f5e2d00bff1dd7bae268a66f4bd46f9bd8e59f9ac927b75bc4dfb8293e5356d772d55bf6bf346c6698cab6598145895aa25765500196e8f903b3
- SSDEEP
  
  12288:a7ZqtLknJc3svE/LG3AtkGZBneYc6d0H31i40c0XsHoYfnaY3xJPWty4D2ZJe1bC:eZaQ+3svD3bGndC08dxJ+GL/V
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
behavioral3 behavioral4
- Target
  
  LiQQ/qq.asp
- Size
  
  626B
- MD5
  
  59c09c32a82373dfc55515458ece05f5
- SHA1
  
  2e02de1b8c2ee2a7c0e915e8acdea06e723854ab
- SHA256
  
  ff9576637084fd129ee9a242581591878a0da53d618dc7c0fda27befb9f6ca1c
- SHA512
  
  7bf1de15aad59b5d6264d6d62527ff98dcf62a18bc7c058764cde61a8951798f41e67d6713de578c8327642ad4de1b7c7a10a9847dade65de5abb3e2924d87f4
Score

1^/10
behavioral5 behavioral6
- Target
  
  LiQQ/ĺڿͬ.url
- Size
  
  76B
- MD5
  
  05ed0537b8052c33a9096c68b4d1d905
- SHA1
  
  19fccec1f302e67908f386ac239d31e2edd7b820
- SHA256
  
  0aeee0ba3eac8e4787109250c895aa0cfbce84416acdec154c33129cb65a56e9
- SHA512
  
  d633e68263362b027c53df7a3d463ab6db8361702f718670f1717cea6785f4d7a3abcae77d8bb27b40221ef47c54b4ddead00c690468b9339235848948071127
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

modiloaderdiscoverytrojan

behavioral4

modiloaderdiscoverytrojan

behavioral5

behavioral6

behavioral7

behavioral8