ModiLoader Malware Analysis
File Properties
SHA256: cde9ec7999fafb6fecb310839fe5eb87a55be051d5392f15084aa1a7983f23bf
MD5: 2c1d826113fd495c192a2a6829afb343
File Type: exe
Size: 1,662,445 bytes
First Seen: 2025-07-22
AV Signature: AgentTesla
Imphash: e8a30656287fe831c9782204ed10cd68
Reporter: socsol
Tags: AgentTesla, dropper, exe, ModiLoader, stealer, xworm
Static analysis: metadata-based (sample not downloaded)
ModiLoader — Malware Profile
ModiLoader sample delivered as TFG0890000001.exe, a logistics-themed lure. The binary embeds the Microsoft.TeamFoundation (Azure DevOps) SDK and the MySql.Data.MySqlClient MySQL connector. A possible Azure DevOps-based C2 channel is noted.
Technical Details
Depending on the variant: C/C#/VBS/PS1 loaders, anti-analysis (VM/debugger checks), persistence (Registry/Task Scheduler/Startup folder), payload decryption and injection (shellcode/PE), and fileless execution techniques.
Capabilities & Behavior
IOC List (1 indicator)
# FILEPATH
cde9ec7999fafb6fecb310839fe5eb87a55be051d5392f15084aa1a7983f23bf
| Type | Value | Note |
|---|---|---|
| filepath | cde9ec7999fafb6fecb310839fe5eb87a55be051d5392f15084aa1a7983f23bf | PDB |