modiloader | dadec95f1f9d741a9949dcac4a9a59dfec8c4d44833c3ab5aac08e57fa9711e4 | Triage

Submit
Reports

Overview

overview

Static

static

7

03bb586268...18.exe

windows7-x64

03bb586268...18.exe

windows10-2004-x64

Sharing

General

Target

03bb586268f86e475a6ba2706e94e337_JaffaCakes118
Size

752KB
Sample

240620-hgmsysyfjj
MD5

03bb586268f86e475a6ba2706e94e337
SHA1

393accc786fac6fa7fb17f9ba954f17548fe1761
SHA256

dadec95f1f9d741a9949dcac4a9a59dfec8c4d44833c3ab5aac08e57fa9711e4
SHA512

b69c0540398ca48c438fef137837e6e1fa655ac13b839ccc28aa1fbb4c325b52af5a160bf28b2430e287a4d35b7d51d0eaa677d9bbc18c2595080ebe1e7e4ce9
SSDEEP

12288:3eFzF12lV+XoSv5ZXMPbDdnyh4ZliTRUkIpC0ZgpjZSTKmwNNOHrRInBZqpzUF4c:3OPbMpz0ZSTK7WQqtURjZnli5k

Score

10^/10

modiloader evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

03bb586268f86e475a6ba2706e94e337_JaffaCakes118.exe

Resource

win7-20240221-en

modiloader evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

03bb586268f86e475a6ba2706e94e337_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader evasion persistence trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  03bb586268f86e475a6ba2706e94e337_JaffaCakes118
- Size
  
  752KB
- MD5
  
  03bb586268f86e475a6ba2706e94e337
- SHA1
  
  393accc786fac6fa7fb17f9ba954f17548fe1761
- SHA256
  
  dadec95f1f9d741a9949dcac4a9a59dfec8c4d44833c3ab5aac08e57fa9711e4
- SHA512
  
  b69c0540398ca48c438fef137837e6e1fa655ac13b839ccc28aa1fbb4c325b52af5a160bf28b2430e287a4d35b7d51d0eaa677d9bbc18c2595080ebe1e7e4ce9
- SSDEEP
  
  12288:3eFzF12lV+XoSv5ZXMPbDdnyh4ZliTRUkIpC0ZgpjZSTKmwNNOHrRInBZqpzUF4c:3OPbMpz0ZSTK7WQqtURjZnli5k
Score

10^/10

modiloader evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojanupx

behavioral2

modiloaderevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy