modiloader | 67148585e3e45054749c2ea832680577ee2043705b7559d233a99c9567d55507 | Triage

Submit
Reports

Overview

overview

Static

static

3

02d98b95a8...18.exe

windows7-x64

02d98b95a8...18.exe

windows10-2004-x64

Sharing

General

Target

02d98b95a8871f838c5a365f24383b9a_JaffaCakes118
Size

417KB
Sample

240620-e8ae6aygqf
MD5

02d98b95a8871f838c5a365f24383b9a
SHA1

a6c1205fc773bc08ca64710dae40a74d77aca6a8
SHA256

67148585e3e45054749c2ea832680577ee2043705b7559d233a99c9567d55507
SHA512

381272c38b799872c82afe1760402d7d8b371165635c3834ee5d911d5a2bf38c0a29db27e1646bb1b93cc3f8fb4ca80796b25c70c4a582aa61db4eb08ca1b12e
SSDEEP

12288:ysRpeFovtrv8UXOndOGqJXkv53C4taA9tGel:y+eWlrvXXOnUKRFtH

Score

10^/10

modiloader evasion persistence privilege_escalation trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

02d98b95a8871f838c5a365f24383b9a_JaffaCakes118.exe

Resource

win7-20240508-en

modiloader evasion persistence privilege_escalation trojan upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

02d98b95a8871f838c5a365f24383b9a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

modiloader evasion persistence privilege_escalation trojan upx

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  02d98b95a8871f838c5a365f24383b9a_JaffaCakes118
- Size
  
  417KB
- MD5
  
  02d98b95a8871f838c5a365f24383b9a
- SHA1
  
  a6c1205fc773bc08ca64710dae40a74d77aca6a8
- SHA256
  
  67148585e3e45054749c2ea832680577ee2043705b7559d233a99c9567d55507
- SHA512
  
  381272c38b799872c82afe1760402d7d8b371165635c3834ee5d911d5a2bf38c0a29db27e1646bb1b93cc3f8fb4ca80796b25c70c4a582aa61db4eb08ca1b12e
- SSDEEP
  
  12288:ysRpeFovtrv8UXOndOGqJXkv53C4taA9tGel:y+eWlrvXXOnUKRFtH
Score

10^/10

modiloader evasion persistence privilege_escalation trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderevasionpersistenceprivilege_escalationtrojanupx

behavioral2

modiloaderevasionpersistenceprivilege_escalationtrojanupx

© 2018-2024

Terms | Privacy