modiloader | 9a2a9c48e3252a59d5432e7e1d6ee8ac0ba08f0b5192e8124033e916b7244c98

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_614fcb4aafbd74834797651778fda290
Size

1.1MB
Sample

250101-3kgfkasqgl
MD5

614fcb4aafbd74834797651778fda290
SHA1

2b770dd0d245f903d5ac50a40268779c40977f48
SHA256

9a2a9c48e3252a59d5432e7e1d6ee8ac0ba08f0b5192e8124033e916b7244c98
SHA512

9b1710c57873d18336c6830a3255edbc2b338a12b8e6761cba722e375784e31214ec545ece2e85289bd92a40ea068dbecea05b795efbf61a7d6cc87c331ccf2f
SSDEEP

24576:5z04OaYpo8eKAys+h6jzmiw0eWsst2eWssteypkWssmFP:1HOagASh6jz/w6VyVMyJVmR

Score

10^/10

Malware Config

Targets

- Target
  
  Vk brute by Andrey/VK Brut by_andrey52rus.exe
- Size
  
  397KB
- MD5
  
  630eae021be391e129bede18e712a5a2
- SHA1
  
  a66ad530108f488c9b107f9b4403e5020a2f6b78
- SHA256
  
  71b2f811ab97c4258ba730fa19a79851ed90cbddb401162759d77f4186f7132d
- SHA512
  
  f07c9ec90b4a3f0a4be62e0fbb0baeb177d861bf4787cf07b10a0d7f3d0aac06624154217bacc2c5001778bf41caec02c6df5e6aac4417302c41e3f39654b39d
- SSDEEP
  
  6144:8Ly84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXcx+:o+u9nx2GjMY3XKfd/H/9PM+
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Vk brute by Andrey/VK Brut by_den52rus.exe
- Size
  
  397KB
- MD5
  
  2ac8ce9bbc5c4ca7d3f8145e04a820a8
- SHA1
  
  934bf138d634857d9819c23def492b3b409f8238
- SHA256
  
  f598960de0ba9d5f9954f0f886d5bb9146be2564215c15eb428a035fa25b40b6
- SHA512
  
  4f68339ad78cfb86966784991f42b5d82d5f53ee94d1361637497b8fc7ef4b759f7b26366e7c388f068f9723082df370cf68574e52a7c5480773499eab5ca733
- SSDEEP
  
  6144:8Ly84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXct+:o+u9nx2GjMY3XKfd/H/9PU+
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  Vk brute by Andrey/libeay32.dll
- Size
  
  988KB
- MD5
  
  177bda0c92482dfa2c162a3750932b9c
- SHA1
  
  cb3b8a465fb55e9e0b4bb5a3298a481557a799d5
- SHA256
  
  17a4b75ef43a4fdeedaef86c39bead6719144e3e368b55898b79ecb371012854
- SHA512
  
  d6900cbcd53d2993ea639e70fe7d0b29595153c4ef54eb9c4a264c22963ca64d551dd633ce1c5d657bd371ddeebcff00419d50a13e423d44f25c8ac9f8ccf3d0
- SSDEEP
  
  12288:baTkV9YfAjvnC+pcU0MfHJQXA7WpVn2UNKQbox5b6j6iHk:bOBcnJpcTMve5pV9sQbsejrHk
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Vk brute by Andrey/msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Vk brute by Andrey/ssleay32.dll
- Size
  
  192KB
- MD5
  
  5023f4c4aaaa1b6e9d992d6bbdcd340b
- SHA1
  
  2165b4a8089a7c00dc586c983e8548653a4e0ce4
- SHA256
  
  59b1be1072dd4aca5ddcf9b66d5df8bec327b4891925ba2339fe6ac6a1bf6d19
- SHA512
  
  c2885d8a8daac7ff83991dd81c6b2993c874081ea8877511aedd61e31829b26d33d8d9e433c7c72dd79d4cdf5d2a6e484b980117549770df1d2f2f522f8a0758
- SSDEEP
  
  3072:whsCnSceRcwwWbLhF8KzwtF1TKXpE2y5jfFKRz+AAWeZJHR7u9Ea3Q0du1f:5TRVwWblFrzw31TKRatKVjqJHW3/d
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Vk brute by Andrey/vk_brut [By Andrey].exe
- Size
  
  397KB
- MD5
  
  92ba33c3dc55feb3526d3e9188f6d885
- SHA1
  
  7ea311bf86af94a7a85258b110e7763bf1359b51
- SHA256
  
  9119dbe59099d0af235897f4e2d117f7502cecbcaa132036894ed2036dba67c1
- SHA512
  
  2191cd09ab1536d80e63d81cb4d53f64f9f1cd655006dfa85b94fae1768ce93653d406b8c76a6771f9e91d3f1e8dcb11c8f81ebdf0916629e2c451791a53dde4
- SSDEEP
  
  6144:cLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPX6PP:I+u9nx2GjMY3XKfd/H/9PMP
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Impair Defenses: Safe Mode Boot

Adds Run key to start application

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Impair Defenses: Safe Mode Boot

Adds Run key to start application

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Boot or Logon Autostart Execution: Active Setup

Impair Defenses: Safe Mode Boot

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12