modiloader | 787e6e646fabb63caa3454727abb231f80a3c32ab7986e605ef42e97915a471f | Triage

Submit
Reports

Overview

overview

Static

static

3

cf90f5bb98...18.exe

windows7-x64

cf90f5bb98...18.exe

windows10-2004-x64

Sharing

General

Target

cf90f5bb98a97c8706fc43fd6c054c9b_JaffaCakes118
Size

506KB
Sample

240906-p1wnjaxfmd
MD5

cf90f5bb98a97c8706fc43fd6c054c9b
SHA1

75b09bb46eb46a71cf6322088070ca97872d0101
SHA256

787e6e646fabb63caa3454727abb231f80a3c32ab7986e605ef42e97915a471f
SHA512

392a9a3c9c8574be0e1da1831b5e2d718139dfc9ea34159bc08e954251e2c675eee4cb96571fb1dc8cf6835ad7a9066a4db9489192ad5f540365cfa840ad7df3
SSDEEP

12288:pyQ+2aW09U6SYgHrRKo0MCVGl0k5qgIwX2yX1JOvUsGfV668AQ6q:G2anUP5Hr/0pV4LRTX2g1Y0KX6

Score

10^/10

modiloader defense_evasion discovery trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cf90f5bb98a97c8706fc43fd6c054c9b_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf90f5bb98a97c8706fc43fd6c054c9b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf90f5bb98a97c8706fc43fd6c054c9b_JaffaCakes118
- Size
  
  506KB
- MD5
  
  cf90f5bb98a97c8706fc43fd6c054c9b
- SHA1
  
  75b09bb46eb46a71cf6322088070ca97872d0101
- SHA256
  
  787e6e646fabb63caa3454727abb231f80a3c32ab7986e605ef42e97915a471f
- SHA512
  
  392a9a3c9c8574be0e1da1831b5e2d718139dfc9ea34159bc08e954251e2c675eee4cb96571fb1dc8cf6835ad7a9066a4db9489192ad5f540365cfa840ad7df3
- SSDEEP
  
  12288:pyQ+2aW09U6SYgHrRKo0MCVGl0k5qgIwX2yX1JOvUsGfV668AQ6q:G2anUP5Hr/0pV4LRTX2g1Y0KX6
Score

10^/10

modiloader defense_evasion discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverytrojan

behavioral2

modiloaderdefense_evasiondiscoverytrojanupx

© 2018-2025

Terms | Privacy