modiloader | 5103bbe8915dfb5d5b58067c3112582b7c8eb710e0dcfd720a79a99370b23df9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2d889cc99d...18.exe

windows7-x64

2d889cc99d...18.exe

windows10-2004-x64

Sharing

General

Target

2d889cc99d992cb6cb478b76f9dbecea_JaffaCakes118
Size

31KB
Sample

240708-x359ravcnr
MD5

2d889cc99d992cb6cb478b76f9dbecea
SHA1

0aba963b4b23e523fd036d5d3e6edfb7f1786cbc
SHA256

5103bbe8915dfb5d5b58067c3112582b7c8eb710e0dcfd720a79a99370b23df9
SHA512

b21e21a976684e55bc68a65366957f78788b6d1b8d79d8a0e9d2d9e6710962953fd4c62995e9ba7e3eed5ea8fc7202c83558e49edaf262c36bfc871f719eb233
SSDEEP

768:zfoixqZOlQQ/a30oDNg0jMmVoas78Kuyfv:zfvxqZ4QQSE3gV9Suy

Score

10^/10

modiloader persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2d889cc99d992cb6cb478b76f9dbecea_JaffaCakes118.exe

Resource

win7-20240704-en

modiloader persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d889cc99d992cb6cb478b76f9dbecea_JaffaCakes118.exe

Resource

win10v2004-20240704-en

modiloader persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d889cc99d992cb6cb478b76f9dbecea_JaffaCakes118
- Size
  
  31KB
- MD5
  
  2d889cc99d992cb6cb478b76f9dbecea
- SHA1
  
  0aba963b4b23e523fd036d5d3e6edfb7f1786cbc
- SHA256
  
  5103bbe8915dfb5d5b58067c3112582b7c8eb710e0dcfd720a79a99370b23df9
- SHA512
  
  b21e21a976684e55bc68a65366957f78788b6d1b8d79d8a0e9d2d9e6710962953fd4c62995e9ba7e3eed5ea8fc7202c83558e49edaf262c36bfc871f719eb233
- SSDEEP
  
  768:zfoixqZOlQQ/a30oDNg0jMmVoas78Kuyfv:zfvxqZ4QQSE3gV9Suy
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy