modiloader | 2aa702ad5ec863508dbdae9eeb27552031bc72d522cf29684d1ff972d2a3eb09 | Triage

Submit
Reports

Overview

overview

Static

static

cc901f826a...18.exe

windows7-x64

cc901f826a...18.exe

windows10-2004-x64

Sharing

General

Target

cc901f826af1ac38365de4c4eeb545d5_JaffaCakes118
Size

265KB
Sample

240831-lh9wnaxbja
MD5

cc901f826af1ac38365de4c4eeb545d5
SHA1

edccc2e480708c69e2c475b3d2e18b5a9e1cb340
SHA256

2aa702ad5ec863508dbdae9eeb27552031bc72d522cf29684d1ff972d2a3eb09
SHA512

3d4ca47a2ade27f1089b9ec0edcfd7fde9a450e7502d4204b64e90a1f1c7cb11ecf51938e4ee768aa988f2f96830356b3db6ca6a2e0af8c4263a203e050fdbb3
SSDEEP

6144:8vKpppOTRfjSl9LmXnzHgzVdmr0csOvRRq+v16neNysj7yzf/A:F0RfjS/yem4cso82EzfI

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

cc901f826af1ac38365de4c4eeb545d5_JaffaCakes118.exe

Resource

win7-20240704-en

modiloader discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc901f826af1ac38365de4c4eeb545d5_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc901f826af1ac38365de4c4eeb545d5_JaffaCakes118
- Size
  
  265KB
- MD5
  
  cc901f826af1ac38365de4c4eeb545d5
- SHA1
  
  edccc2e480708c69e2c475b3d2e18b5a9e1cb340
- SHA256
  
  2aa702ad5ec863508dbdae9eeb27552031bc72d522cf29684d1ff972d2a3eb09
- SHA512
  
  3d4ca47a2ade27f1089b9ec0edcfd7fde9a450e7502d4204b64e90a1f1c7cb11ecf51938e4ee768aa988f2f96830356b3db6ca6a2e0af8c4263a203e050fdbb3
- SSDEEP
  
  6144:8vKpppOTRfjSl9LmXnzHgzVdmr0csOvRRq+v16neNysj7yzf/A:F0RfjS/yem4cso82EzfI
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy