modiloader | d708cc8a23586dfc31bb2563484f7068fdf58955611b6f1e40de93112eb4637f | Triage

Submit
Reports

Overview

overview

Static

static

013dcfea0e...18.exe

windows7-x64

013dcfea0e...18.exe

windows10-2004-x64

Sharing

General

Target

013dcfea0eff15673ebb1fb3eed7adbc_JaffaCakes118
Size

157KB
Sample

240619-3rr6msxdkd
MD5

013dcfea0eff15673ebb1fb3eed7adbc
SHA1

c9f3eae70d640888b87c56000fa347060967e8c3
SHA256

d708cc8a23586dfc31bb2563484f7068fdf58955611b6f1e40de93112eb4637f
SHA512

bbdd84afee83ac808392a8a6ede5167cc4481d9a1cc5ebbd2660bd251b93b8edc56277fc63bfc732b4e6d0700ec48ebb8013dedbebfbdeaf292f93f3114171de
SSDEEP

3072:DGbHwx3GsAFyQbXO0kwXmFRqAh+7QouCv8BATTy+zL9GwqRlcBapeEdmIMyXFD:DG7u6jrkwvKaXR0cyYLF6lcBapBdd1D

Score

10^/10

modiloader defense_evasion persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

013dcfea0eff15673ebb1fb3eed7adbc_JaffaCakes118.exe

Resource

win7-20240508-en

modiloader defense_evasion persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

013dcfea0eff15673ebb1fb3eed7adbc_JaffaCakes118.exe

Resource

win10v2004-20240508-en

modiloader defense_evasion persistence trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  013dcfea0eff15673ebb1fb3eed7adbc_JaffaCakes118
- Size
  
  157KB
- MD5
  
  013dcfea0eff15673ebb1fb3eed7adbc
- SHA1
  
  c9f3eae70d640888b87c56000fa347060967e8c3
- SHA256
  
  d708cc8a23586dfc31bb2563484f7068fdf58955611b6f1e40de93112eb4637f
- SHA512
  
  bbdd84afee83ac808392a8a6ede5167cc4481d9a1cc5ebbd2660bd251b93b8edc56277fc63bfc732b4e6d0700ec48ebb8013dedbebfbdeaf292f93f3114171de
- SSDEEP
  
  3072:DGbHwx3GsAFyQbXO0kwXmFRqAh+7QouCv8BATTy+zL9GwqRlcBapeEdmIMyXFD:DG7u6jrkwvKaXR0cyYLF6lcBapBdd1D
Score

10^/10

modiloader defense_evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Impair Defenses: Safe Mode Boot
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Active Setup

Defense Evasion

Modify Registry

Impair Defenses

Safe Mode Boot

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderdefense_evasionpersistencetrojanupx

behavioral2

modiloaderdefense_evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy