modiloader | babeb60e7af54c04c0ed96760c7f2da00472fc5aafc37e14340b4ef02eb87466 | Triage

Submit
Reports

Overview

overview

Static

static

7

73e4e97227...18.exe

windows7-x64

73e4e97227...18.exe

windows10-2004-x64

7

Sharing

General

Target

73e4e972274371570ce7a270e978d853_JaffaCakes118
Size

183KB
Sample

240726-nr1qfsvgjj
MD5

73e4e972274371570ce7a270e978d853
SHA1

469c44a75281865db274947591b5feec7ffe069e
SHA256

babeb60e7af54c04c0ed96760c7f2da00472fc5aafc37e14340b4ef02eb87466
SHA512

1345c45e94a8eeb3a10dd2c8779122184cd5e2d2a754d14929dccd713b1b95540c3b36b757f082c346ea457b9920f5695507a09b8b8f284e945618dadf0f25b0
SSDEEP

3072:3aBQqrSTCnM4VR7eMnQzAsrS55tF5gzA1C934hc8zicUeetZQHL0bIR:yQq1M8R7aE55tCA1Ch4h1EtL

Score

10^/10

modiloader discovery trojan upx vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

73e4e972274371570ce7a270e978d853_JaffaCakes118.exe

Resource

win7-20240708-en

modiloader discovery trojan upx vmprotect

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

73e4e972274371570ce7a270e978d853_JaffaCakes118.exe

Resource

win10v2004-20240709-en

discovery upx vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  73e4e972274371570ce7a270e978d853_JaffaCakes118
- Size
  
  183KB
- MD5
  
  73e4e972274371570ce7a270e978d853
- SHA1
  
  469c44a75281865db274947591b5feec7ffe069e
- SHA256
  
  babeb60e7af54c04c0ed96760c7f2da00472fc5aafc37e14340b4ef02eb87466
- SHA512
  
  1345c45e94a8eeb3a10dd2c8779122184cd5e2d2a754d14929dccd713b1b95540c3b36b757f082c346ea457b9920f5695507a09b8b8f284e945618dadf0f25b0
- SSDEEP
  
  3072:3aBQqrSTCnM4VR7eMnQzAsrS55tF5gzA1C934hc8zicUeetZQHL0bIR:yQq1M8R7aE55tCA1Ch4h1EtL
Score

10^/10

modiloader discovery trojan upx vmprotect
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderdiscoverytrojanupxvmprotect

behavioral2

discoveryupxvmprotect

© 2018-2024

Terms | Privacy