ModiLoader Malware Analysis
File Properties
SHA256: 2e2a209e33d4b08ade19f874fab2aa15cf0bf2fb52fc002dd51c29b5f6a706a6
MD5: eb89ba9c20c5ab0968c5248e4184eaf6
File Type: exe
Size: 718,336 bytes
First Seen: 2023-01-19
AV Signature: AveMariaRAT
Imphash: 5260f092fd156f5df587ffa1785669b9
Reported by: abuse_ch
Tags: AveMariaRAT, exe, ModiLoader
Static analysis: metadata-based (sample not downloaded)
ModiLoader — Malware Profile
ModiLoader. TFG0890000001.exe logistics lure. Microsoft.TeamFoundation Azure DevOps SDK embedded. MySql.Data.MySqlClient MySQL connector. Possible Azure DevOps C2 channel.
Technical Details
Depending on the variant: C/C#/VBS/PS1, anti-analysis (VM/debugger checks), persistence (Registry/Task Scheduler/Startup folder), payload decryption and injection (shellcode/PE), and fileless execution techniques.
Capabilities & Behavior
IOC List (1 indicator)
| Type | Value | Note |
|---|---|---|
| filepath | 2e2a209e33d4b08ade19f874fab2aa15cf0bf2fb52fc002dd51c29b5f6a706a6 | PDB |