modiloader | cbddbaa2221b77d63e673d0335974355458efed57ac6fb8644ff35c42c5dea6a | Triage

Submit
Reports

Overview

overview

Static

static

3

721019d073...18.exe

windows7-x64

721019d073...18.exe

windows10-2004-x64

Sharing

General

Target

721019d073cb419cb8b731aa85f61f2d_JaffaCakes118
Size

899KB
Sample

240726-bs7h6sxell
MD5

721019d073cb419cb8b731aa85f61f2d
SHA1

8a2b75d5a288994a930f2e90947e620c4fb8af51
SHA256

cbddbaa2221b77d63e673d0335974355458efed57ac6fb8644ff35c42c5dea6a
SHA512

b5d6c5266668784d33ad72bf9d84c79301c90d55e06cdf9ac490384f95067bd3ad0606578e0707dec0d92de385f64071f047e567ab4677a2a325233d487e62b3
SSDEEP

24576:wQmHy3jLFnWlj5gdcKcTKk80Hl8EXRJzgvxQ4PI8IX:aHyzLFWl2dc9TKk38EXzgvLIF

Score

10^/10

modiloader bootkit discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

721019d073cb419cb8b731aa85f61f2d_JaffaCakes118.exe

Resource

win7-20240705-en

modiloader bootkit discovery persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

721019d073cb419cb8b731aa85f61f2d_JaffaCakes118.exe

Resource

win10v2004-20240709-en

modiloader bootkit discovery persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  721019d073cb419cb8b731aa85f61f2d_JaffaCakes118
- Size
  
  899KB
- MD5
  
  721019d073cb419cb8b731aa85f61f2d
- SHA1
  
  8a2b75d5a288994a930f2e90947e620c4fb8af51
- SHA256
  
  cbddbaa2221b77d63e673d0335974355458efed57ac6fb8644ff35c42c5dea6a
- SHA512
  
  b5d6c5266668784d33ad72bf9d84c79301c90d55e06cdf9ac490384f95067bd3ad0606578e0707dec0d92de385f64071f047e567ab4677a2a325233d487e62b3
- SSDEEP
  
  24576:wQmHy3jLFnWlj5gdcKcTKk80Hl8EXRJzgvxQ4PI8IX:aHyzLFWl2dc9TKk38EXzgvLIF
Score

10^/10

modiloader bootkit discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderbootkitdiscoverypersistencetrojan

behavioral2

modiloaderbootkitdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy