ModiLoader Malware Analysis

File Properties

SHA256: 3a0b0499401f4c77a799db828f6ffe6651eb355cef6f5df9c93a2d6b3b961ac2

MD5: 35e6a265c5dcd0bf1e30507b4fdf4c44

File Type: zip

Size: 365,303 bytes

First Seen: 2022-12-05

AV Signature: ModiLoader

Reporter: peeterzerblat

Tags: ModiLoader, zip

Static analysis: metadata-based (sample not downloaded)

ModiLoader — Malware Profile

ModiLoader sample delivered as TFG0890000001.exe under a logistics-themed lure. The binary embeds the Microsoft.TeamFoundation Azure DevOps SDK and the MySql.Data.MySqlClient MySQL connector, suggesting a possible Azure DevOps C2 channel.

Malware Type: Loader
Programming Language: Delphi
C2 Protocol: HTTP
Target Systems: Windows

Technical Details

Depending on the variant: C/C#/VBS/PS1 components, anti-analysis (VM/debugger checks), persistence (Registry/Task Scheduler/Startup folder), payload decryption and injection (shellcode/PE), and fileless execution techniques.

Capabilities & Behavior

Payload Download
Process Injection
Modular Architecture
Credential Theft
Lateral Movement
Persistence
Anti-VM/Sandbox
Secondary Payload Delivery

IOC List (1 indicator)

IOC — ModiLoader
# FILEPATH 3a0b0499401f4c77a799db828f6ffe6651eb355cef6f5df9c93a2d6b3b961ac2

Type: filepath
Value: 3a0b0499401f4c77a799db828f6ffe6651eb355cef6f5df9c93a2d6b3b961ac2
Note: PDB

Tags: ModiLoader, zip