modiloader | f1c325b581f90e58d2bd957656a8b617c1be034a4f8e2e5b846fea811d947d0a | Triage

Submit
Reports

Overview

overview

Static

static

3

d26967323e...18.exe

windows7-x64

d26967323e...18.exe

windows10-2004-x64

Sharing

General

Target

d26967323e8dd3d37f5039ba4cb9e50c_JaffaCakes118
Size

286KB
Sample

240907-vgk1kswfke
MD5

d26967323e8dd3d37f5039ba4cb9e50c
SHA1

b3514670a7bb6a3fb44ef6eb6bb06350c28d93c9
SHA256

f1c325b581f90e58d2bd957656a8b617c1be034a4f8e2e5b846fea811d947d0a
SHA512

35021c91afb53f196249c6bbdac3c018bca8f46bf9904ed82a1ad0827bb2bcce6714b6e3dcf7e73ce3a644d1f339586bf8aa49d77e13eb34db1baed932df2f18
SSDEEP

3072:gYWWiQnUdGA5IP+XwS78yyU7BU+Y6bW0ULcVTsnoK4cGP3CbqHmtZVl2lK2jCgae:J1iQbvYwS71Y6bWLcNsn/mAVl+/iKd

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d26967323e8dd3d37f5039ba4cb9e50c_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader discovery persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d26967323e8dd3d37f5039ba4cb9e50c_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery persistence trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d26967323e8dd3d37f5039ba4cb9e50c_JaffaCakes118
- Size
  
  286KB
- MD5
  
  d26967323e8dd3d37f5039ba4cb9e50c
- SHA1
  
  b3514670a7bb6a3fb44ef6eb6bb06350c28d93c9
- SHA256
  
  f1c325b581f90e58d2bd957656a8b617c1be034a4f8e2e5b846fea811d947d0a
- SHA512
  
  35021c91afb53f196249c6bbdac3c018bca8f46bf9904ed82a1ad0827bb2bcce6714b6e3dcf7e73ce3a644d1f339586bf8aa49d77e13eb34db1baed932df2f18
- SSDEEP
  
  3072:gYWWiQnUdGA5IP+XwS78yyU7BU+Y6bW0ULcVTsnoK4cGP3CbqHmtZVl2lK2jCgae:J1iQbvYwS71Y6bWLcNsn/mAVl+/iKd
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy