ModiLoader Malware Analysis

File Properties

SHA256: a68afdaf21870e0747dfa4c46670577d0e21b545e8b0225568f2a84819666117

MD5: 88fbd98ce9f10f3b5b14c28cb4514859

File Type: exe

Size: 1,050,624 bytes

First Seen: 2022-09-08

AV Signature: ModiLoader

Imphash: 45e97a00ecbd587477169510db95872b

Reporter: adrian__luca

Tags: exe, ModiLoader

Static analysis: metadata-based (sample not downloaded)

ModiLoader — Malware Profile

ModiLoader sample TFG0890000001.exe, delivered with a logistics-themed lure. The binary embeds the Microsoft.TeamFoundation Azure DevOps SDK and the MySql.Data.MySqlClient MySQL connector; an Azure DevOps-based C2 channel is possible.

Malware Type: Loader

Programming Language: Delphi

C2 Protocol: HTTP

Target Systems: Windows

Technical Details

Depending on the variant: C/C#/VBS/PS1 components, anti-analysis (VM/debugger checks), persistence (Registry/Task Scheduler/Startup folder), payload decryption and injection (shellcode/PE), and fileless execution techniques.

Capabilities & Behavior

Payload Download
Process Injection
Modular Architecture
Credential Theft
Lateral Movement
Persistence
Anti-VM/Sandbox
Secondary Payload Delivery

IOC List (1 indicator)

IOC — ModiLoader

Type: filepath
Value: a68afdaf21870e0747dfa4c46670577d0e21b545e8b0225568f2a84819666117
Note: PDB

Tags: exe, ModiLoader