ModiLoader Malware Analysis
File Properties
SHA256: bea787acfc0effd615ab72ab1be2d18bb7b1eb07bed15b013bdbbf3c61b5fd86
MD5: f6ee56d33034e75411eba8141e3d78d6
File Type: exe
Size: 1,060,184 bytes
First Seen: 2020-12-09
AV Signature: ModiLoader
Imphash: b533f6ccb714ea0a0f83e1cff60dbfe0
Reporter: abuse_ch
Tags: exe, geo, ITA, ModiLoader
Static analysis: metadata-based (sample not downloaded)
ModiLoader — Malware Profile
ModiLoader sample delivered as TFG0890000001.exe, a logistics-themed lure. The binary embeds the Microsoft.TeamFoundation (Azure DevOps) SDK and the MySql.Data.MySqlClient MySQL connector; Azure DevOps is a possible C2 channel.
Technical Details
Depending on the variant: C/C#/VBS/PS1 components; anti-analysis (VM/debugger checks); persistence (Registry/Task Scheduler/Startup folder); payload decryption and injection (shellcode/PE); fileless execution techniques.
Capabilities & Behavior
IOC List (1 indicator)
| Type | Value | Note |
|---|---|---|
| filepath | bea787acfc0effd615ab72ab1be2d18bb7b1eb07bed15b013bdbbf3c61b5fd86 | PDB |