modiloader | f1339093d127a2d0cb7b380d0a563ba49fbf44b890bf24d49e7eb367c9792eb2

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 10:13

Target

07e6d2bd952ee3ab3dd0a021bf33bd1a_JaffaCakes118.exe
Size

71KB
MD5

07e6d2bd952ee3ab3dd0a021bf33bd1a
SHA1

623a78e64e6caa30d748fe022d32fc62d5805312
SHA256

f1339093d127a2d0cb7b380d0a563ba49fbf44b890bf24d49e7eb367c9792eb2
SHA512

8b40a498bd5ce7b959d78e5d467c15fb8fef6583b2eacea472696fe8873a593c190b3342d3034fe39d13d820a4deb57ff26172f8b065ea8baac9b1b7510c30bf
SSDEEP

768:Xj4C9BNOPJ3XviOkCLc6qJ47NCYcGDdy4QYaJzM2K+toCA5nGjtl+g7s2hBllVui:Xj/wAigY9SmWtPce/LjWkrjJG7cknW

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/1752-0-0x0000000000400000-0x0000000000419000-memory.dmp	modiloader_stage2

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\	07e6d2bd952ee3ab3dd0a021bf33bd1a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\07e6d2bd952ee3ab3dd0a021bf33bd1a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\07e6d2bd952ee3ab3dd0a021bf33bd1a_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
PID:1752

memory/1752-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download