modiloader | d3e00c7815883bf23b105f8696e79f5d27d154f0bb1a5d79de10eebb715950f1 | Triage

Submit
Reports

Overview

overview

Static

static

7

d020838b6f...18.exe

windows7-x64

d020838b6f...18.exe

windows10-2004-x64

7

Sharing

General

Target

d020838b6fb1bd181c87bb305ee7f674_JaffaCakes118
Size

905KB
Sample

240906-wgpt7szemr
MD5

d020838b6fb1bd181c87bb305ee7f674
SHA1

63997af497605fd809db652c2332d73780c86a33
SHA256

d3e00c7815883bf23b105f8696e79f5d27d154f0bb1a5d79de10eebb715950f1
SHA512

4b967466945575cd298d51783690d976f78cb84aba995c57df9e569e2bf10868854d6218ef047432c0c1e603aca25c71b515a95d14637a64de1d11915faeeaab
SSDEEP

24576:Ngk6PDLowBpGJZnFNQGGYLuZmrN4o1ynj4DZVR0UkbcB:2P/GrvtGvZmrNzgEDZV6R

Score

10^/10

modiloader discovery evasion themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d020838b6fb1bd181c87bb305ee7f674_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery evasion themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d020838b6fb1bd181c87bb305ee7f674_JaffaCakes118.exe

Resource

win10v2004-20240802-en

discovery evasion themida

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  d020838b6fb1bd181c87bb305ee7f674_JaffaCakes118
- Size
  
  905KB
- MD5
  
  d020838b6fb1bd181c87bb305ee7f674
- SHA1
  
  63997af497605fd809db652c2332d73780c86a33
- SHA256
  
  d3e00c7815883bf23b105f8696e79f5d27d154f0bb1a5d79de10eebb715950f1
- SHA512
  
  4b967466945575cd298d51783690d976f78cb84aba995c57df9e569e2bf10868854d6218ef047432c0c1e603aca25c71b515a95d14637a64de1d11915faeeaab
- SSDEEP
  
  24576:Ngk6PDLowBpGJZnFNQGGYLuZmrN4o1ynj4DZVR0UkbcB:2P/GrvtGvZmrNzgEDZV6R
Score

10^/10

modiloader discovery evasion themida trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionthemidatrojan

behavioral2

discoveryevasionthemida

© 2018-2025

Terms | Privacy