modiloader | 943d86149b1761efc06b3d4700f3dff50be50661cdab80c06b247135c1d27491 | Triage

Submit
Reports

Overview

overview

Static

static

426b0c346d...18.exe

windows7-x64

426b0c346d...18.exe

windows10-2004-x64

Sharing

General

Target

426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118
Size

18KB
Sample

240514-wngr6sha9y
MD5

426b0c346df4beed65ea2fa9d94807e3
SHA1

9e8f46a08e01a6a89e2dd6f324da88da50ad836a
SHA256

943d86149b1761efc06b3d4700f3dff50be50661cdab80c06b247135c1d27491
SHA512

a16b2023b8d72f34264a73066fe3cdabad1547c045119b4d28ae8eba28d5c8d9f70cbc4c6f3f7157df61cc0e8aa81dda9be395560f7779ebcfcf8bac8f19ce9a
SSDEEP

384:7Ew7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1Czc/Dp+c6nne:7Ew7wkHOYEGPvCaV4pLzb1f/Dpl

Score

10^/10

modiloader persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118.exe

Resource

win7-20240221-en

modiloader persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118.exe

Resource

win10v2004-20240426-en

modiloader persistence trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  426b0c346df4beed65ea2fa9d94807e3_JaffaCakes118
- Size
  
  18KB
- MD5
  
  426b0c346df4beed65ea2fa9d94807e3
- SHA1
  
  9e8f46a08e01a6a89e2dd6f324da88da50ad836a
- SHA256
  
  943d86149b1761efc06b3d4700f3dff50be50661cdab80c06b247135c1d27491
- SHA512
  
  a16b2023b8d72f34264a73066fe3cdabad1547c045119b4d28ae8eba28d5c8d9f70cbc4c6f3f7157df61cc0e8aa81dda9be395560f7779ebcfcf8bac8f19ce9a
- SSDEEP
  
  384:7Ew7wknHOYXQdhLGPvCaV4pLS7OGQ8xy1Czc/Dp+c6nne:7Ew7wkHOYEGPvCaV4pLzb1f/Dpl
Score

10^/10

modiloader persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojanupx

behavioral2

modiloaderpersistencetrojanupx

© 2018-2024

Terms | Privacy