ModiLoader Malware Analizi
Dosya Ozellikleri
SHA256: a68afdaf21870e0747dfa4c46670577d0e21b545e8b0225568f2a84819666117
MD5: 88fbd98ce9f10f3b5b14c28cb4514859
Dosya Tipi: exe
Boyut: 1,050,624 byte
Ilk Gorulme: 2022-09-08
AV Imzasi: ModiLoader
Imphash: 45e97a00ecbd587477169510db95872b
Raporlayan: adrian__luca
Etiketler: exe, ModiLoader
Statik analiz: metadata tabanli (ornek indirilmedi)
ModiLoader — Malware Profile
ModiLoader. TFG0890000001.exe logistics lure. Microsoft.TeamFoundation Azure DevOps SDK embedded. MySql.Data.MySqlClient MySQL connector. Possible Azure DevOps C2 channel.
Malware Type
Loader
Programming Language
Delphi
C2 Protocol
HTTP
Target Systems
Windows
Technical Details
Varyanta gore C/C#/VBS/PS1, anti-analysis (VM/debugger check), persistence (Registry/Task Scheduler/Startup folder), payload decryption ve injection (shellcode/PE), fileless execution teknikleri
Capabilities & Behavior
Payload İndirme
Süreç Enjeksiyonu
Modüler Mimari
Kimlik Bilgisi Hırsızlığı
Yanal Hareket
Kalıcılık
Anti-VM/Sandbox
İkincil Payload Dağıtımı
IOC List (1 indicators)
IOC — ModiLoader
# FILEPATH
a68afdaf21870e0747dfa4c46670577d0e21b545e8b0225568f2a84819666117
| Type | Value | Note |
|---|---|---|
| filepath | a68afdaf21870e0747dfa4c46670577d0e21b545e8b0225568f2a84819666117 | PDB |