modiloader | 39c9e2a25b79ee2213e4ebd82be4e542d5419784c23f2bc22082323b43cf651f | Triage

Submit
Reports

Overview

overview

Static

static

eab464e1e1...18.exe

windows7-x64

eab464e1e1...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

eab464e1e1102a980966e85ed343805b_JaffaCakes118
Size

20KB
Sample

240410-kv726ada7s
MD5

eab464e1e1102a980966e85ed343805b
SHA1

bb8565653c7cebc946e1ecc5373331550a6cfe5e
SHA256

39c9e2a25b79ee2213e4ebd82be4e542d5419784c23f2bc22082323b43cf651f
SHA512

7a438abc7a621efd39862fd8009ce07c277cd4ee60467fbcc7c389fdb82bfda4bbcb804794cbc7055c9e81a324dcda072da452c5da896521a11b4c09bf068bb2
SSDEEP

384:66kmfvjID+AZ39UgfjZN47SEKUxWXmis9dqsN9d26HJClWt:Bkm2/agdOSvXmisXNz26D

Score

10^/10

modiloader evasion trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

eab464e1e1102a980966e85ed343805b_JaffaCakes118.exe

Resource

win7-20240220-en

modiloader evasion trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

eab464e1e1102a980966e85ed343805b_JaffaCakes118.exe

Resource

win10v2004-20240226-en

modiloader evasion trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  eab464e1e1102a980966e85ed343805b_JaffaCakes118
- Size
  
  20KB
- MD5
  
  eab464e1e1102a980966e85ed343805b
- SHA1
  
  bb8565653c7cebc946e1ecc5373331550a6cfe5e
- SHA256
  
  39c9e2a25b79ee2213e4ebd82be4e542d5419784c23f2bc22082323b43cf651f
- SHA512
  
  7a438abc7a621efd39862fd8009ce07c277cd4ee60467fbcc7c389fdb82bfda4bbcb804794cbc7055c9e81a324dcda072da452c5da896521a11b4c09bf068bb2
- SSDEEP
  
  384:66kmfvjID+AZ39UgfjZN47SEKUxWXmis9dqsN9d26HJClWt:Bkm2/agdOSvXmisXNz26D
Score

10^/10

modiloader evasion trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

modiloaderevasiontrojanupx

behavioral2

modiloaderevasiontrojanupx

© 2018-2025

Terms | Privacy