modiloader | 106551fca79f7aef8d903cb967cf58bcc312fb27fbadd77ec08c77dcf9effea9 | Triage

Submit
Reports

Overview

overview

Static

static

7

86441f2bdc...18.exe

windows7-x64

86441f2bdc...18.exe

windows10-2004-x64

Sharing

General

Target

86441f2bdcebaff18508df7e7abeb8fe_JaffaCakes118
Size

333KB
Sample

240810-qx6vrs1glp
MD5

86441f2bdcebaff18508df7e7abeb8fe
SHA1

83bf95c9d04b2b138324487b7e84f74ba38047e8
SHA256

106551fca79f7aef8d903cb967cf58bcc312fb27fbadd77ec08c77dcf9effea9
SHA512

54f6ddca3780a82c234fa36a307a1fb7c01411bf1e14906dd192d29a20f77c88adbb9a06150ff4ac88c26ed8058b3cd6486ed0bb7ea0294eba9b1569e41cc3b5
SSDEEP

6144:9U1AYBg+3zBWX4oXx5UyonY4Cve6lbUCDts8NbVD7aQ1ZY/6kraVDR0o:9U1ALWzYooBubdCzJlts8Nb5OQ8SgalO

Score

10^/10

modiloader discovery trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

86441f2bdcebaff18508df7e7abeb8fe_JaffaCakes118.exe

Resource

win7-20240704-en

modiloader discovery trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

86441f2bdcebaff18508df7e7abeb8fe_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  86441f2bdcebaff18508df7e7abeb8fe_JaffaCakes118
- Size
  
  333KB
- MD5
  
  86441f2bdcebaff18508df7e7abeb8fe
- SHA1
  
  83bf95c9d04b2b138324487b7e84f74ba38047e8
- SHA256
  
  106551fca79f7aef8d903cb967cf58bcc312fb27fbadd77ec08c77dcf9effea9
- SHA512
  
  54f6ddca3780a82c234fa36a307a1fb7c01411bf1e14906dd192d29a20f77c88adbb9a06150ff4ac88c26ed8058b3cd6486ed0bb7ea0294eba9b1569e41cc3b5
- SSDEEP
  
  6144:9U1AYBg+3zBWX4oXx5UyonY4Cve6lbUCDts8NbVD7aQ1ZY/6kraVDR0o:9U1ALWzYooBubdCzJlts8Nb5OQ8SgalO
Score

10^/10

modiloader discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojanupx

behavioral2

modiloaderdiscoverytrojanupx

© 2018-2025

Terms | Privacy