modiloader | abecee861e0311642dbcd28e48d10ff6673ad999f060db3d50a44f3c2558c730 | Triage

Submit
Reports

Overview

overview

Static

static

e769fe5993...18.exe

windows7-x64

e769fe5993...18.exe

windows10-2004-x64

Sharing

General

Target

e769fe5993c5e3a28432319d9e28cc45_JaffaCakes118
Size

294KB
Sample

240408-n6cbeabh6z
MD5

e769fe5993c5e3a28432319d9e28cc45
SHA1

e6f2cb7d71596ee39a45cb1c2d2e87220795db2f
SHA256

abecee861e0311642dbcd28e48d10ff6673ad999f060db3d50a44f3c2558c730
SHA512

e0f7c3d257900d518ece398e6e1577298d15c399e45e3433630853f42bbc86f844869fd6cf59501dca50aff8b5689a797db2d9b9c907418021cf08ae0e98ab9a
SSDEEP

6144:i4hJQM/KsXoMDGWmV9Jw9DY7yQue0VkIdrbsbo/V3cYC9hUdkv4cwze7ebL0:iQJQIldSNqlYCeq/rYE/VMYC9hakxd1

Score

10^/10

modiloader trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e769fe5993c5e3a28432319d9e28cc45_JaffaCakes118.exe

Resource

win7-20240221-en

modiloader trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e769fe5993c5e3a28432319d9e28cc45_JaffaCakes118.exe

Resource

win10v2004-20240319-en

modiloader trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e769fe5993c5e3a28432319d9e28cc45_JaffaCakes118
- Size
  
  294KB
- MD5
  
  e769fe5993c5e3a28432319d9e28cc45
- SHA1
  
  e6f2cb7d71596ee39a45cb1c2d2e87220795db2f
- SHA256
  
  abecee861e0311642dbcd28e48d10ff6673ad999f060db3d50a44f3c2558c730
- SHA512
  
  e0f7c3d257900d518ece398e6e1577298d15c399e45e3433630853f42bbc86f844869fd6cf59501dca50aff8b5689a797db2d9b9c907418021cf08ae0e98ab9a
- SSDEEP
  
  6144:i4hJQM/KsXoMDGWmV9Jw9DY7yQue0VkIdrbsbo/V3cYC9hUdkv4cwze7ebL0:iQJQIldSNqlYCeq/rYE/VMYC9hakxd1
Score

10^/10

modiloader trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojanupx

behavioral2

modiloadertrojanupx

© 2018-2024

Terms | Privacy