modiloader | b44c0cd9f8f90f7f174a158cb80bbbacf8fd7faaf65e01d1784cda03f21b5622 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ae2c492757...18.exe

windows7-x64

ae2c492757...18.exe

windows10-2004-x64

Sharing

General

Target

ae2c492757e34fcd73cdcf30df8523ad_JaffaCakes118
Size

392KB
Sample

240820-g9g8ha1enr
MD5

ae2c492757e34fcd73cdcf30df8523ad
SHA1

9f5d08bd79074538a3d0499a2b67336de113e5f3
SHA256

b44c0cd9f8f90f7f174a158cb80bbbacf8fd7faaf65e01d1784cda03f21b5622
SHA512

7d44a49316b0f58138548f9dd7b9608718397f75513216fd6afe69ab9202594260d9c050ee14d5256773d83c01842a1f5a2dfcdee5954a33be7b3217d10515d2
SSDEEP

12288:Ro6te9Im5aKyH3/09ONntilBme7A6wlFl7vpJcZGRD:W8vSaTc9OylAe7A6Cr7LD

Score

10^/10

modiloader discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ae2c492757e34fcd73cdcf30df8523ad_JaffaCakes118.exe

Resource

win7-20240705-en

modiloader discovery evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae2c492757e34fcd73cdcf30df8523ad_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery evasion persistence trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae2c492757e34fcd73cdcf30df8523ad_JaffaCakes118
- Size
  
  392KB
- MD5
  
  ae2c492757e34fcd73cdcf30df8523ad
- SHA1
  
  9f5d08bd79074538a3d0499a2b67336de113e5f3
- SHA256
  
  b44c0cd9f8f90f7f174a158cb80bbbacf8fd7faaf65e01d1784cda03f21b5622
- SHA512
  
  7d44a49316b0f58138548f9dd7b9608718397f75513216fd6afe69ab9202594260d9c050ee14d5256773d83c01842a1f5a2dfcdee5954a33be7b3217d10515d2
- SSDEEP
  
  12288:Ro6te9Im5aKyH3/09ONntilBme7A6wlFl7vpJcZGRD:W8vSaTc9OylAe7A6Cr7LD
Score

10^/10

modiloader discovery evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionpersistencetrojan

behavioral2

modiloaderdiscoveryevasionpersistencetrojan

© 2018-2025

Terms | Privacy