modiloader | dc9b0fde10b71811649cacff9df5f4dd3ae6bdad9c0a15a61a08307b3ef85ae9 | Triage

Submit
Reports

Overview

overview

Static

static

0011ab6aa3...18.exe

windows7-x64

0011ab6aa3...18.exe

windows10-2004-x64

Sharing

General

Target

0011ab6aa3a9e60818f1f9ed52ad2ba4_JaffaCakes118
Size

735KB
Sample

240619-xnt8ya1hmq
MD5

0011ab6aa3a9e60818f1f9ed52ad2ba4
SHA1

2f02682435f4cca4db253ce5cf62681e1fcdaac4
SHA256

dc9b0fde10b71811649cacff9df5f4dd3ae6bdad9c0a15a61a08307b3ef85ae9
SHA512

6dca42276c2f2e4a5f572cb0ce99641a134a7b19f0a8bb4e319f23bf5aca7deccfcb5090a150f041b6b55324a590d29dc76e5a6b698c1e77cc6a52a67eda40d0
SSDEEP

12288:LmX53uzH4EDA3IVOT7kb66rQ8DOs+BPWx7u+88YwXThK:Lm5mH4HIVOT7y6n2KBqC3wXTs

Score

10^/10

modiloader trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0011ab6aa3a9e60818f1f9ed52ad2ba4_JaffaCakes118.exe

Resource

win7-20240220-en

modiloader trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0011ab6aa3a9e60818f1f9ed52ad2ba4_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  0011ab6aa3a9e60818f1f9ed52ad2ba4_JaffaCakes118
- Size
  
  735KB
- MD5
  
  0011ab6aa3a9e60818f1f9ed52ad2ba4
- SHA1
  
  2f02682435f4cca4db253ce5cf62681e1fcdaac4
- SHA256
  
  dc9b0fde10b71811649cacff9df5f4dd3ae6bdad9c0a15a61a08307b3ef85ae9
- SHA512
  
  6dca42276c2f2e4a5f572cb0ce99641a134a7b19f0a8bb4e319f23bf5aca7deccfcb5090a150f041b6b55324a590d29dc76e5a6b698c1e77cc6a52a67eda40d0
- SSDEEP
  
  12288:LmX53uzH4EDA3IVOT7kb66rQ8DOs+BPWx7u+88YwXThK:Lm5mH4HIVOT7y6n2KBqC3wXTs
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy