modiloader | ba47864634c9c8fc246aa68f1d4474f6e0da31530ed61de9599f0730ed778d5a | Triage

Submit
Reports

Overview

overview

Static

static

3

02738410c4...18.exe

windows7-x64

02738410c4...18.exe

windows10-2004-x64

Sharing

General

Target

02738410c473a8b778eb4581c64ead77_JaffaCakes118
Size

171KB
Sample

240620-d5gjmawgjh
MD5

02738410c473a8b778eb4581c64ead77
SHA1

7f98caffd32f44b496509073439402dc3118db63
SHA256

ba47864634c9c8fc246aa68f1d4474f6e0da31530ed61de9599f0730ed778d5a
SHA512

c95c8ffd75806cbed7f04e8ccfa11d88c1a87402a2dcf501b6beb6aba0fb5e72edc524d81db4a1e5ce41b2d388842b43221a8baf51b2d9b4ecaeb85daed5ca0c
SSDEEP

3072:AKl+dV9Nn9b6OwF4428+Fsk0pqY6niulKL4eA4bjp6/UHkgJa:lsV9pt6OwFvPMskNniukjIUHRJa

Score

10^/10

modiloader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

02738410c473a8b778eb4581c64ead77_JaffaCakes118.exe

Resource

win7-20231129-en

modiloader trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

02738410c473a8b778eb4581c64ead77_JaffaCakes118.exe

Resource

win10v2004-20240508-en

modiloader trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  02738410c473a8b778eb4581c64ead77_JaffaCakes118
- Size
  
  171KB
- MD5
  
  02738410c473a8b778eb4581c64ead77
- SHA1
  
  7f98caffd32f44b496509073439402dc3118db63
- SHA256
  
  ba47864634c9c8fc246aa68f1d4474f6e0da31530ed61de9599f0730ed778d5a
- SHA512
  
  c95c8ffd75806cbed7f04e8ccfa11d88c1a87402a2dcf501b6beb6aba0fb5e72edc524d81db4a1e5ce41b2d388842b43221a8baf51b2d9b4ecaeb85daed5ca0c
- SSDEEP
  
  3072:AKl+dV9Nn9b6OwF4428+Fsk0pqY6niulKL4eA4bjp6/UHkgJa:lsV9pt6OwFvPMskNniukjIUHRJa
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy