ModiLoader Malware-Analyse

Dateieigenschaften

SHA256: f7548d3107c311afddf7827c19a4154bf0e9359cc294e9169042ccd3cc290227

MD5: 1573b52c2d0b3d410e73a3a1495565d0

Dateityp: exe

Größe: 840,192 byte

Erstsichtung: 2022-05-03

AV-Signatur: BitRAT

Imphash: e96f0f2282c9506da8169ca64b3d06c8

Gemeldet von: pr0xylife

Tags: BitRAT, exe, ModiLoader, xenarmor

Statische Analyse: metadatenbasiert (Sample nicht heruntergeladen)

ModiLoader — Malware-Profil

ModiLoader. TFG0890000001.exe logistics lure. Microsoft.TeamFoundation Azure DevOps SDK embedded. MySql.Data.MySqlClient MySQL connector. Possible Azure DevOps C2 channel.

Malware-Typ
Loader
Programmiersprache
Delphi
C2-Protokoll
HTTP
Zielsysteme
Windows

Technische Details

Varyanta gore C/C#/VBS/PS1, anti-analysis (VM/debugger check), persistence (Registry/Task Scheduler/Startup folder), payload decryption ve injection (shellcode/PE), fileless execution teknikleri

Fähigkeiten & Verhalten

Payload İndirme
Süreç Enjeksiyonu
Modüler Mimari
Kimlik Bilgisi Hırsızlığı
Yanal Hareket
Kalıcılık
Anti-VM/Sandbox
İkincil Payload Dağıtımı

IOC-Liste (1 Indikatoren)

IOC — ModiLoader
# FILEPATH f7548d3107c311afddf7827c19a4154bf0e9359cc294e9169042ccd3cc290227
TypWertBemerkung
filepath f7548d3107c311afddf7827c19a4154bf0e9359cc294e9169042ccd3cc290227 PDB
Tags
BitRATexeModiLoaderxenarmor