modiloader | 020e562d225d0ebc97171e5fefc7a86ee01c2a1a5f5090fa00e49c5e65ab8f1a | Triage

Submit
Reports

Overview

overview

Static

static

3

cecff36c1c...18.exe

windows7-x64

cecff36c1c...18.exe

windows10-2004-x64

3

Sharing

General

Target

cecff36c1ce1c5204617f27b9f6207fd_JaffaCakes118
Size

541KB
Sample

240906-ghyfeazapp
MD5

cecff36c1ce1c5204617f27b9f6207fd
SHA1

eedbbd2c11bec294daaf5314ce19e25c15b404f0
SHA256

020e562d225d0ebc97171e5fefc7a86ee01c2a1a5f5090fa00e49c5e65ab8f1a
SHA512

139daf99a16bb87b2f84feb9d70ab76b68fa5220beb067732ecfcc1034f37cf466817083ac8d9cf6abca77ae69e326122683ceb2b01674e49514a64670d3a3da
SSDEEP

12288:WH3hTUjHVfmbTt7GI3YDIfY5owVMnyn2CkeXN0sR/etsdyKEp:WXGrVeSyYCHnyTkeXWsVe8k

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cecff36c1ce1c5204617f27b9f6207fd_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cecff36c1ce1c5204617f27b9f6207fd_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  cecff36c1ce1c5204617f27b9f6207fd_JaffaCakes118
- Size
  
  541KB
- MD5
  
  cecff36c1ce1c5204617f27b9f6207fd
- SHA1
  
  eedbbd2c11bec294daaf5314ce19e25c15b404f0
- SHA256
  
  020e562d225d0ebc97171e5fefc7a86ee01c2a1a5f5090fa00e49c5e65ab8f1a
- SHA512
  
  139daf99a16bb87b2f84feb9d70ab76b68fa5220beb067732ecfcc1034f37cf466817083ac8d9cf6abca77ae69e326122683ceb2b01674e49514a64670d3a3da
- SSDEEP
  
  12288:WH3hTUjHVfmbTt7GI3YDIfY5owVMnyn2CkeXN0sR/etsdyKEp:WXGrVeSyYCHnyTkeXWsVe8k
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy