modiloader | 943d86149b1761efc06b3d4700f3dff50be50661cdab80c06b247135c1d27491 | Triage

Submit
Reports

Overview

overview

Static

static

426b0c346d...18.exe

windows7-x64

426b0c346d...18.exe

windows10-2004-x64

Sharing

General

Target

426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118
Size

18KB
Sample

240514-wngr6sha9y
MD5

426b0c346df4beed65ea2fa9d94807e3
SHA1

9e8f46a08e01a6a89e2dd6f324da88da50ad836a
SHA256

943d86149b1761efc06b3d4700f3dff50be50661cdab80c06b247135c1d27491
SHA512

a16b2023b8d72f34264a73066fe3cdabad1547c045119b4d28ae8eba28d5c8d9f70cbc4c6f3f7157df61cc0e8aa81dda9be395560f7779ebcfcf8bac8f19ce9a
SSDEEP

384:7Ew7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1Czc/Dp+c6nne:7Ew7wkHOYEGPvCaV4pLzb1f/Dpl

Score

10^/10

modiloader persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118.exe

Resource

win7-20240221-en

modiloader persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118.exe

Resource

win10v2004-20240426-en

modiloader persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118
- Size
  
  18KB
- MD5
  
  426b0c346df4beed65ea2fa9d94807e3
- SHA1
  
  9e8f46a08e01a6a89e2dd6f324da88da50ad836a
- SHA256
  
  943d86149b1761efc06b3d4700f3dff50be50661cdab80c06b247135c1d27491
- SHA512
  
  a16b2023b8d72f34264a73066fe3cdabad1547c045119b4d28ae8eba28d5c8d9f70cbc4c6f3f7157df61cc0e8aa81dda9be395560f7779ebcfcf8bac8f19ce9a
- SSDEEP
  
  384:7Ew7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1Czc/Dp+c6nne:7Ew7wkHOYEGPvCaV4pLzb1f/Dpl
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy