modiloader | 8e385d9fe4c9f850f613fe98191cce2e849faa67080d91a6a9a001ed2d114985 | Triage

Submit
Reports

Overview

overview

Static

static

d1a769ea55...18.exe

windows7-x64

d1a769ea55...18.exe

windows10-2004-x64

Sharing

General

Target

d1a769ea553fa7efbc773bd1af8befab_JaffaCakes118
Size

78KB
Sample

240907-lvh9gaxgpl
MD5

d1a769ea553fa7efbc773bd1af8befab
SHA1

d412d2f35fb27d93139941aec6466a0a24b6a206
SHA256

8e385d9fe4c9f850f613fe98191cce2e849faa67080d91a6a9a001ed2d114985
SHA512

39cfd00c93fed24acc10bda1b28831affa176658e187ffa4201965806e5d328895b08bbc1654025593708267b93e7bae7c833dd4cc2c20315ae817f4becdfd19
SSDEEP

1536:U0Ay0rphrqPivg8OQGlJEnVMi+a7/cRgEJuNG9+h3xrvwtK6A:UKIphmKvgblinVMmKHB9S5wtKt

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d1a769ea553fa7efbc773bd1af8befab_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1a769ea553fa7efbc773bd1af8befab_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d1a769ea553fa7efbc773bd1af8befab_JaffaCakes118
- Size
  
  78KB
- MD5
  
  d1a769ea553fa7efbc773bd1af8befab
- SHA1
  
  d412d2f35fb27d93139941aec6466a0a24b6a206
- SHA256
  
  8e385d9fe4c9f850f613fe98191cce2e849faa67080d91a6a9a001ed2d114985
- SHA512
  
  39cfd00c93fed24acc10bda1b28831affa176658e187ffa4201965806e5d328895b08bbc1654025593708267b93e7bae7c833dd4cc2c20315ae817f4becdfd19
- SSDEEP
  
  1536:U0Ay0rphrqPivg8OQGlJEnVMi+a7/cRgEJuNG9+h3xrvwtK6A:UKIphmKvgblinVMmKHB9S5wtKt
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy