modiloader | ce448f5603a2b2b6a8cdfe7e15b60dd2b81f608c725a037cf5a7ad568d67f61d | Triage

Submit
Reports

Overview

overview

Static

static

d3d1e52278...18.exe

windows7-x64

d3d1e52278...18.exe

windows10-2004-x64

Sharing

General

Target

d3d1e5227872ce5c8613af9767a72e2e_JaffaCakes118
Size

50KB
Sample

240908-h3fa1avfqh
MD5

d3d1e5227872ce5c8613af9767a72e2e
SHA1

84a817b9798b5661ff2b5134958767871456c60a
SHA256

ce448f5603a2b2b6a8cdfe7e15b60dd2b81f608c725a037cf5a7ad568d67f61d
SHA512

c7c19c5d9e68ef388402dcd291e23bd47b916300982438b1db16c25d493db30faf9ea80a59a68c18c70f2e3f77f20bf429c6fbaed48a40e094a9a02405d663bc
SSDEEP

768:2C38NcRIQbDY5XlKZpfuoQEMWTjuHtYC0UzS8+1FO6vJGmrD74kTK6N1Q30igL:2CGcRjbD75MUuH/mF9HRKw+gL

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d3d1e5227872ce5c8613af9767a72e2e_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3d1e5227872ce5c8613af9767a72e2e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3d1e5227872ce5c8613af9767a72e2e_JaffaCakes118
- Size
  
  50KB
- MD5
  
  d3d1e5227872ce5c8613af9767a72e2e
- SHA1
  
  84a817b9798b5661ff2b5134958767871456c60a
- SHA256
  
  ce448f5603a2b2b6a8cdfe7e15b60dd2b81f608c725a037cf5a7ad568d67f61d
- SHA512
  
  c7c19c5d9e68ef388402dcd291e23bd47b916300982438b1db16c25d493db30faf9ea80a59a68c18c70f2e3f77f20bf429c6fbaed48a40e094a9a02405d663bc
- SSDEEP
  
  768:2C38NcRIQbDY5XlKZpfuoQEMWTjuHtYC0UzS8+1FO6vJGmrD74kTK6N1Q30igL:2CGcRjbD75MUuH/mF9HRKw+gL
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy