ModiLoader Malware Analizi
Dosya Ozellikleri
SHA256: 2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28
MD5: e51b30bf9b0c6ac4653a5e0e3d47e53e
Dosya Tipi: exe
Boyut: 1,402,667 byte
Ilk Gorulme: 2021-02-24
AV Imzasi: ModiLoader
Imphash: a1a66d588dcf1394354ebf6ec400c223
Raporlayan: abuse_ch
Etiketler: exe, ModiLoader
Statik analiz: metadata tabanli (ornek indirilmedi)
ModiLoader — Malware Profile
ModiLoader. TFG0890000001.exe logistics lure. Microsoft.TeamFoundation Azure DevOps SDK embedded. MySql.Data.MySqlClient MySQL connector. Possible Azure DevOps C2 channel.
Malware Type
Loader
Programming Language
Delphi
C2 Protocol
HTTP
Target Systems
Windows
Technical Details
Varyanta gore C/C#/VBS/PS1, anti-analysis (VM/debugger check), persistence (Registry/Task Scheduler/Startup folder), payload decryption ve injection (shellcode/PE), fileless execution teknikleri
Capabilities & Behavior
Payload İndirme
Süreç Enjeksiyonu
Modüler Mimari
Kimlik Bilgisi Hırsızlığı
Yanal Hareket
Kalıcılık
Anti-VM/Sandbox
İkincil Payload Dağıtımı
IOC List (1 indicators)
IOC — ModiLoader
# FILEPATH
2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28
| Type | Value | Note |
|---|---|---|
| filepath | 2b9ab52795f34af8e45a80c88ebd53c725bcccdab49aee05a8b848566e8c3b28 | PDB |