modiloader | a79289cc8351bb9cec526280b9c408a9831c024b78d1c15b0eea1a58a348434c | Triage

Submit
Reports

Overview

overview

Static

static

3

3d82ebe2a0...18.exe

windows7-x64

3d82ebe2a0...18.exe

windows10-2004-x64

Sharing

General

Target

3d82ebe2a0d413142fa297f19685a403_JaffaCakes118
Size

685KB
Sample

240712-qekvksvdkj
MD5

3d82ebe2a0d413142fa297f19685a403
SHA1

2dda03c07ee7cf7ab1a2994769d2c2e80527546c
SHA256

a79289cc8351bb9cec526280b9c408a9831c024b78d1c15b0eea1a58a348434c
SHA512

4451e5f3ec5048bace87f9aabff1c6ef52809e88b34d3c4290402f25210f6cac31967ec84cb7765acd4c6a79cf943238cefa0315018609412aeb50da0ca1bf28
SSDEEP

12288:SzxXAcU3wz6sDRdJ4Ci8R3L/2o1bvSpF3Z4mxxq+hlMkN0J6Yy7hNtp/SJQ:M5Li8R3j2o1bcQmXq+skNcl0S+

Score

10^/10

modiloader aspackv2 persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3d82ebe2a0d413142fa297f19685a403_JaffaCakes118.exe

Resource

win7-20240704-en

modiloader aspackv2 persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d82ebe2a0d413142fa297f19685a403_JaffaCakes118.exe

Resource

win10v2004-20240709-en

modiloader aspackv2 persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  3d82ebe2a0d413142fa297f19685a403_JaffaCakes118
- Size
  
  685KB
- MD5
  
  3d82ebe2a0d413142fa297f19685a403
- SHA1
  
  2dda03c07ee7cf7ab1a2994769d2c2e80527546c
- SHA256
  
  a79289cc8351bb9cec526280b9c408a9831c024b78d1c15b0eea1a58a348434c
- SHA512
  
  4451e5f3ec5048bace87f9aabff1c6ef52809e88b34d3c4290402f25210f6cac31967ec84cb7765acd4c6a79cf943238cefa0315018609412aeb50da0ca1bf28
- SSDEEP
  
  12288:SzxXAcU3wz6sDRdJ4Ci8R3L/2o1bvSpF3Z4mxxq+hlMkN0J6Yy7hNtp/SJQ:M5Li8R3j2o1bcQmXq+skNcl0S+
Score

10^/10

modiloader aspackv2 persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderaspackv2persistencetrojan

behavioral2

modiloaderaspackv2persistencetrojan

© 2018-2025

Terms | Privacy