modiloader | 38b3ed66ac80892a8564b4f7896cf97249db45e002ed0d2008da4c27fa984cfe

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_08e454a691a4836663a117c9c43f6323
Size

1.4MB
Sample

250122-a645jazkc1
MD5

08e454a691a4836663a117c9c43f6323
SHA1

e1a0c968af234ea32acec2cbe06cb903635c78f2
SHA256

38b3ed66ac80892a8564b4f7896cf97249db45e002ed0d2008da4c27fa984cfe
SHA512

06a6a3350ea979d9a1b7eec17d7c94f754890e3a63f5102b53ffc64ddb8481c46ff9bcf5605091f686b78a59f2fbee9911dfc1dda419050f238f26f48cf107e0
SSDEEP

24576:Dkce2OiadG/s07CoSi2+fbj36/US4llFTMnQPyH59q4M5L+pvC2PsY7CiAz:c2Oi6G97CodfH6/z4llSdZo4Zp62kYWr

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_08e454a691a4836663a117c9c43f6323
- Size
  
  1.4MB
- MD5
  
  08e454a691a4836663a117c9c43f6323
- SHA1
  
  e1a0c968af234ea32acec2cbe06cb903635c78f2
- SHA256
  
  38b3ed66ac80892a8564b4f7896cf97249db45e002ed0d2008da4c27fa984cfe
- SHA512
  
  06a6a3350ea979d9a1b7eec17d7c94f754890e3a63f5102b53ffc64ddb8481c46ff9bcf5605091f686b78a59f2fbee9911dfc1dda419050f238f26f48cf107e0
- SSDEEP
  
  24576:Dkce2OiadG/s07CoSi2+fbj36/US4llFTMnQPyH59q4M5L+pvC2PsY7CiAz:c2Oi6G97CodfH6/z4llSdZo4Zp62kYWr
Score

4^/10
behavioral1 behavioral2
- Target
  
  Client.exe
- Size
  
  373KB
- MD5
  
  00688d5e67140c85d4e899f943e8ed81
- SHA1
  
  d0be95ce2fc8142cbe13c675a20d4a865a1df09b
- SHA256
  
  3011df76d500eef287cd6f22f9530eb63888e0fffef1c5c275175fdd996ffe52
- SHA512
  
  aef2486d50bf9a47c2e46ac0169e7c5ff42b9349dec973bf7c0f10a2b8e44d0c1ee8bb2e5874775dbdd4c53bfec1ac5e70b61130f341094d2fe839e622b9354c
- SSDEEP
  
  6144:HAHYB5taK0hsFxg9gSZZwQcWfuYNncsBhAgtsKKvjFLv/y4jW9RSqBuAtfJ/4:gHi5tShszg9gSDdLfuknTnWJHy4IRSWF
Score

10^/10

modiloader discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Editor.exe
- Size
  
  359KB
- MD5
  
  f7d7317baf021642c824b99cd1dea331
- SHA1
  
  6e1c9f3f040cbd8515a4be0188ce77f921d9aea5
- SHA256
  
  c2fe95570407c7eab0933dfedc4eba9a66e0b3a8b68aaadf4d10b615bb44e149
- SHA512
  
  46a97f1d4e7ca0176e726cbeaee4a585301ad4feafc664e7ce1554f74c6b89e3b3dbab37b3df520f9814e09cdc2a23e40803c077b28eb668402c5d4096c54e49
- SSDEEP
  
  6144:UVrWRxPlw/cZ2GU1ZPWR9SGbu6v+slgVRkPckdDynX8uqQ7Qt:UVrWNSCjIWR9SmLIRkPRd+Pk
Score

10^/10

modiloader discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  OptixPRO Tutorial german.pdf
- Size
  
  307KB
- MD5
  
  5facdc13577f4ad2babfe7d125154298
- SHA1
  
  111b377b23931c0fb5813e269af077a6fbdc108c
- SHA256
  
  cebd792c17c5135cb1dcddfe349772b80525c89f5b41a760e4289b15107761dc
- SHA512
  
  9520aae25d77a2900b0212cbcc9e0bc109667fb6c6efe8928fc9f6f22f02cc03f86ce52553d1267643b0adda8e09add1a80f3e48e191dea1de11130da38def21
- SSDEEP
  
  6144:At3YS7fKkRbBAOPV9vRv41QLPmI7JYb0DVzesMqv:WYKtbBnPr5vIQLtV6g
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Server.exe
- Size
  
  871KB
- MD5
  
  384104967fb35e3d459552f8bc104fae
- SHA1
  
  97b85538978d75502744012a6b5f1023f09d4ed1
- SHA256
  
  a1b29d36cf876f7ef48d3902ca60f5f444c30bee0515e15bbc8ac04fedc3978e
- SHA512
  
  8d16e3698e6baad4bfa4b048a564729e7ec5efc35dc1e7079466a8c811efb00015da43ad3b02d8a87d0a1fc4dc6bf3a54081ec422761517dada52211918c11e5
- SSDEEP
  
  12288:OCnrin3t/UCdwfTnbJO1DMopqQMUsS39d9kRDuwKqS4NroyV3x6rFWlERpML0b:Nnrind/U4vqQ+S39daRDuUSUh6S6pMLa
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral10 behavioral9
- Target
  
  README.txt
- Size
  
  10KB
- MD5
  
  1ecf1dcfc26c9b7559baa5d527378257
- SHA1
  
  09d0bcd9d4dfc77aa63f02ae4bd7b165127efa98
- SHA256
  
  6c256fcadd537f3ffbdb9f0e1e57946141defbf5fa4155ce84443380276ae6cc
- SHA512
  
  d41014d85be6bccfe7d9a65ee4560496cef2285d7f9006470b0c8c36cfbbfaacc2ec83157275dd827e685c96790a2663f5d2be82ae88c4af1a8b07bd29b0183d
- SSDEEP
  
  192:PBDQoJ0HNJIqMAvxQPS3AHtyMAT9JZnMVbudxsCWjfcPQJHcc8Y5:3J+0QK8AHt1uTnWbdHcct5
Score

1^/10
behavioral11 behavioral12
- Target
  
  setup.cgi
- Size
  
  15KB
- MD5
  
  86be38f00562db610b793b264700a9bb
- SHA1
  
  f30e7c822ab79fb3c0852b42c0df990a88a35e93
- SHA256
  
  7a1cdc4657a9ad76631e6f084eaac6085ab28001e66634207e78e65f82438806
- SHA512
  
  66172fdce1d1477e318135c0eba1f4606d27cb806a64637ec0915447721ef4a119d1faffe130c39033fd9a75a4098a01ab04480001f99f3a99680ed9dabbb078
- SSDEEP
  
  192:tYN8eNBxD8Y/pEO69KM4Ito9vNORuKvluRAIicEvE3TKJwgVTX2:m60NJ7M4rOMYURA7aOi
Score

6^/10

execution
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral13 behavioral14
- Target
  
  subseven.cgi
- Size
  
  76KB
- MD5
  
  479625ab7b54c65ae34c9a1bafeab345
- SHA1
  
  0fe817240d945b876172c0a2db06d0e7492b4506
- SHA256
  
  ff7e55607ebb548fb761049078e5e0e46ed112499126f39b104ceb115741a295
- SHA512
  
  e44c70682fac5d0c2e5c68f106a08be268c49c4f0ae2bd529127f1d5cdf1d4c5b2974d7f5afb985c557e30a940be3f5db41008c54aef0cb3c5ea61fd94623dcc
- SSDEEP
  
  768:pNvnCfbsFL8x6GKBNdwFKuD7vA4T26wP7MMKKnpemtzGfPPNGOpd4Xc6+Tl5PqV6:pVC8L8N8XuYvJsGOpd4Xv+Tl5PqA
Score

3^/10

execution
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

UPX packed file

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

UPX packed file

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16