modiloader | 560e8807daa158a59f281e851bef7f012c7e2ce9750e80029e037dee4eee22a7 | Triage

Submit
Reports

Overview

overview

Static

static

777e35b3a1...18.exe

windows7-x64

777e35b3a1...18.exe

windows10-2004-x64

Sharing

General

Target

777e35b3a1abed8ca65687388a6122c7_JaffaCakes118
Size

36KB
Sample

240527-b3fs7scf74
MD5

777e35b3a1abed8ca65687388a6122c7
SHA1

417c0cab872909445df19bc225c8fe81948b40bf
SHA256

560e8807daa158a59f281e851bef7f012c7e2ce9750e80029e037dee4eee22a7
SHA512

5a9de6617c960abc4c6ae524c9436d3083e7c626ddb2efc31cb1964f8f8e33a47a5bb22367c8da20103a475a5a21aa58cef4a0dc3372b04dc95aa295cbbea76e
SSDEEP

768:hycqOQ0bwMK2M3fQde8Pfymg0M9EQfRo0yUP8:YcqOQbB3fQc8Pfymg0yxpByr

Score

10^/10

modiloader persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

777e35b3a1abed8ca65687388a6122c7_JaffaCakes118.exe

Resource

win7-20240508-en

modiloader persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

777e35b3a1abed8ca65687388a6122c7_JaffaCakes118.exe

Resource

win10v2004-20240508-en

modiloader persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  777e35b3a1abed8ca65687388a6122c7_JaffaCakes118
- Size
  
  36KB
- MD5
  
  777e35b3a1abed8ca65687388a6122c7
- SHA1
  
  417c0cab872909445df19bc225c8fe81948b40bf
- SHA256
  
  560e8807daa158a59f281e851bef7f012c7e2ce9750e80029e037dee4eee22a7
- SHA512
  
  5a9de6617c960abc4c6ae524c9436d3083e7c626ddb2efc31cb1964f8f8e33a47a5bb22367c8da20103a475a5a21aa58cef4a0dc3372b04dc95aa295cbbea76e
- SSDEEP
  
  768:hycqOQ0bwMK2M3fQde8Pfymg0M9EQfRo0yUP8:YcqOQbB3fQc8Pfymg0yxpByr
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy