modiloader | 36126e184bbe1b18a38309ee785d9ea00824a7dba5579a99ca5bb792d2536177 | Triage

Submit
Reports

Overview

overview

Static

static

2d6c4ba6c2...18.exe

windows7-x64

2d6c4ba6c2...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

2d6c4ba6c292386af38fe341b266f389_JaffaCakes118
Size

77KB
Sample

240708-xdck5sshmj
MD5

2d6c4ba6c292386af38fe341b266f389
SHA1

168be42d8e4dfffa10d6fa74572de966d27b63c5
SHA256

36126e184bbe1b18a38309ee785d9ea00824a7dba5579a99ca5bb792d2536177
SHA512

c99733a5bd7167be2355337ce3490ec261444f2d1fd3479f0bf308645ddc650b97ff0b075ff99c7b361aa248b6c8f2cc343f9c9fbd72fcdf2fe5506579aa19a3
SSDEEP

1536:c0Ay0rphrqPivg8OQGlJEnVMi+a7/cRgEJuNz9+h3xrvwtKR:cKIphmKvgblinVMmKHw9S5wtKR

Score

10^/10

modiloader persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2d6c4ba6c292386af38fe341b266f389_JaffaCakes118.exe

Resource

win7-20240708-en

modiloader persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d6c4ba6c292386af38fe341b266f389_JaffaCakes118.exe

Resource

win10v2004-20240704-en

modiloader persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d6c4ba6c292386af38fe341b266f389_JaffaCakes118
- Size
  
  77KB
- MD5
  
  2d6c4ba6c292386af38fe341b266f389
- SHA1
  
  168be42d8e4dfffa10d6fa74572de966d27b63c5
- SHA256
  
  36126e184bbe1b18a38309ee785d9ea00824a7dba5579a99ca5bb792d2536177
- SHA512
  
  c99733a5bd7167be2355337ce3490ec261444f2d1fd3479f0bf308645ddc650b97ff0b075ff99c7b361aa248b6c8f2cc343f9c9fbd72fcdf2fe5506579aa19a3
- SSDEEP
  
  1536:c0Ay0rphrqPivg8OQGlJEnVMi+a7/cRgEJuNz9+h3xrvwtKR:cKIphmKvgblinVMmKHw9S5wtKR
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2025

Terms | Privacy