modiloader | 7e09e96e9216d61b8445789c366a01f05397cd17ee5b8421680061978b72fed3 | Triage

Submit
Reports

Overview

overview

Static

static

cf890fcc84...18.exe

windows7-x64

cf890fcc84...18.exe

windows10-2004-x64

Sharing

General

Target

cf890fcc843b9194cff26f2d9ab0cb3f_JaffaCakes118
Size

19KB
Sample

240906-ppldeswdmm
MD5

cf890fcc843b9194cff26f2d9ab0cb3f
SHA1

770d68798b2e264ed256b25f5c6f646fcf70c7f3
SHA256

7e09e96e9216d61b8445789c366a01f05397cd17ee5b8421680061978b72fed3
SHA512

3ced9ee3111cde5c7f47dde16fe91e0e912d902e06543b29febe6ec5690a7ff3da9dded3528fd47d83563ef696b38d289222cf7cf721c76acd8200d9dcf4122b
SSDEEP

192:nyqfw5fA7NjtJ8NWc2SOkctI3dFH6i/7MaNEaRLhmRdA/IcHI8U3NG2SwFM8uAPu:5wWzSuIEmHZTJDRLcf1sMM8BPCD

Score

10^/10

modiloader discovery persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

cf890fcc843b9194cff26f2d9ab0cb3f_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

cf890fcc843b9194cff26f2d9ab0cb3f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery persistence trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  cf890fcc843b9194cff26f2d9ab0cb3f_JaffaCakes118
- Size
  
  19KB
- MD5
  
  cf890fcc843b9194cff26f2d9ab0cb3f
- SHA1
  
  770d68798b2e264ed256b25f5c6f646fcf70c7f3
- SHA256
  
  7e09e96e9216d61b8445789c366a01f05397cd17ee5b8421680061978b72fed3
- SHA512
  
  3ced9ee3111cde5c7f47dde16fe91e0e912d902e06543b29febe6ec5690a7ff3da9dded3528fd47d83563ef696b38d289222cf7cf721c76acd8200d9dcf4122b
- SSDEEP
  
  192:nyqfw5fA7NjtJ8NWc2SOkctI3dFH6i/7MaNEaRLhmRdA/IcHI8U3NG2SwFM8uAPu:5wWzSuIEmHZTJDRLcf1sMM8BPCD
Score

10^/10

modiloader discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojanupx

behavioral2

modiloaderdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy