ModiLoader Malware Analysis

File Properties

SHA256: 2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28

MD5: e51b30bf9b0c6ac4653a5e0e3d47e53e

File Type: exe

Size: 1,402,667 bytes

First Seen: 2021-02-24

AV Signature: ModiLoader

Imphash: a1a66d588dcf1394354ebf6ec400c223

Reporter: abuse_ch

Tags: exe, ModiLoader

Static analysis: metadata-based (the sample was not downloaded)

ModiLoader — Malware Profile

ModiLoader, distributed as TFG0890000001.exe, a logistics-themed lure filename. The sample's metadata references the Microsoft.TeamFoundation assembly (Azure DevOps SDK) and MySql.Data.MySqlClient (the MySQL .NET connector). Azure DevOps is a possible C2 channel; this is inferred from the embedded SDK reference alone and has not been confirmed by network analysis. Both referenced assemblies are .NET libraries, which is inconsistent with the Delphi classification given below; without the sample the origin of those strings cannot be determined.

Malware Type: Loader
Programming Language: Delphi
C2 Protocol: HTTP
Target Systems: Windows

Technical Details

Depending on the variant: stagers written in C, C#, VBS or PowerShell (PS1); anti-analysis (VM and debugger checks); persistence via the Registry, the Task Scheduler or the Startup folder; payload decryption and injection (shellcode or PE); fileless execution techniques. These are family-level behaviours; none of them were verified on this sample, since the analysis is metadata-based only.

Capabilities & Behavior

Payload Download
Process Injection
Modular Architecture
Credential Theft
Lateral Movement
Persistence
Anti-VM/Sandbox
Secondary Payload Delivery

IOC List (1 indicator)

IOC — ModiLoader
Type     Value                                                              Note
sha256   2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28   SHA256 of the sample (see File Properties); this is a file hash, not a file path or PDB string
Tags: exe, ModiLoader
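The indicators on this page are only useful once they are wired into a check. The Python script below is an added example for this page, not code from abuse.ch, MalwareBazaar or the malware author. It hashes file content the same way the File Properties were produced (SHA256, MD5, size), reports a size-only match as the weak hint it is, and scans log lines for the listed hashes and for the logistics lure filename. The log format is constructed for the example, and the lure-name pattern (TFG followed by digits, then .exe) is an assumption generalised from the single observed name TFG0890000001.exe; the imphash is deliberately not recomputed here because that requires a PE import-table parser.

```python
# Added example for this page (not code from abuse.ch/MalwareBazaar or from ModiLoader).
# Matches file content and log lines against the indicators listed on the page.
# Assumptions (labelled): the log format is constructed for the example, and the
# lure-filename pattern LURE_RE generalises the single observed name TFG0890000001.exe.
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the page's File Properties / IOC list.
IOC = {
    "sha256": "2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28",
    "md5": "e51b30bf9b0c6ac4653a5e0e3d47e53e",
    "size": 1_402_667,
    "filename": "TFG0890000001.exe",
}

# Assumption: generalise the observed lure name to "TFG" + 6 or more digits + ".exe",
# since lures of this kind are usually re-issued with a fresh reference number.
LURE_RE = re.compile(r"\bTFG\d{6,}\.exe\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the same three properties the page records for the sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def match_file(data: bytes) -> list[str]:
    """Return the indicator names that the given file content matches.

    Hash matches are conclusive for this exact sample. A size match on its own is
    only a weak hint (many unrelated files share a size) and is reported as a
    separate entry so a caller does not alert on it alone.
    """
    h = hash_bytes(data)
    hits = [k for k in ("sha256", "md5") if h[k] == IOC[k]]
    if h["size"] == IOC["size"]:
        hits.append("size")
    return hits


@dataclass
class Alert:
    line_no: int
    reason: str  # "sha256", "md5" or "lure_filename"
    value: str


def scan_log(lines: list[str]) -> list[Alert]:
    """Scan text log lines for the page's hashes and for lure-style filenames.

    Hash comparison is case-insensitive because gateways and EDRs disagree on case.
    A lure_filename alert is a hunting lead, not a confirmed detection: the pattern
    is an assumption generalised from one observed name.
    """
    alerts: list[Alert] = []
    for n, line in enumerate(lines, 1):
        for m in SHA256_RE.findall(line):
            if m.lower() == IOC["sha256"]:
                alerts.append(Alert(n, "sha256", m.lower()))
        for m in MD5_RE.findall(line):
            if m.lower() == IOC["md5"]:
                alerts.append(Alert(n, "md5", m.lower()))
        for m in LURE_RE.findall(line):
            alerts.append(Alert(n, "lure_filename", m))
    return alerts


# Constructed sample log lines (not real telemetry): a simplified mail-gateway and
# EDR format invented for this example. Line 2 is a benign control.
SAMPLE_LOG = [
    "2021-02-24T09:12:01Z mailgw attach from=invoice@example.test "
    "name=TFG0890000001.exe "
    "sha256=2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28",
    "2021-02-24T09:12:05Z mailgw attach from=hr@example.test name=payslip.pdf "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
    "2021-02-24T10:40:17Z edr exec host=WS-17 "
    "image=C:\\Users\\a\\Downloads\\TFG0890000002.exe "
    "md5=E51B30BF9B0C6AC4653A5E0E3D47E53E",
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"line {a.line_no}: {a.reason} -> {a.value}")
```

Run it as-is to see the alerts for the constructed lines, or call `match_file()` on the bytes of a quarantined attachment. Only the SHA256 and MD5 matches identify this exact sample; the size and the lure-name pattern are there to surface candidates for manual review, and a pure size match should never page anyone.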