ModiLoader Malware Analysis
File Properties
SHA256: 40870b8167513757fd7d369a7db8f32b828a0ba1540d88324ff19867f9045494
MD5: 2af059a1274721e90ce015d25c3a8ff3
File Type: exe
Size: 2,545,664 bytes
First Seen: 2023-11-14
AV Signature: RemcosRAT
Imphash: 810ddebb5441ef7b92d6977b1440799a
Reporter: smica83
Tags: exe, HUN, ModiLoader, RemcosRAT
Static analysis: metadata-based (sample not downloaded)
ModiLoader — Malware Profile
ModiLoader sample delivered as TFG0890000001.exe, a logistics-themed lure. The binary embeds the Microsoft.TeamFoundation Azure DevOps SDK and the MySql.Data.MySqlClient MySQL connector; an Azure DevOps C2 channel is possible.
Technical Details
Depending on the variant: C/C#/VBS/PS1; anti-analysis (VM/debugger checks); persistence (Registry/Task Scheduler/Startup folder); payload decryption and injection (shellcode/PE); fileless execution techniques.
Capabilities & Behavior
IOC List (1 indicator)
# FILEPATH
40870b8167513757fd7d369a7db8f32b828a0ba1540d88324ff19867f9045494
| Type | Value | Note |
|---|---|---|
| filepath | 40870b8167513757fd7d369a7db8f32b828a0ba1540d88324ff19867f9045494 | PDB |