modiloader | 1799b831b481ff63498d85e950b354e50484fa1c758ad0b76c5eca5f93b40fb8 | Triage

Submit
Reports

Overview

overview

Static

static

3

d3f0bc95be...18.exe

windows7-x64

d3f0bc95be...18.exe

windows10-2004-x64

Sharing

General

Target

d3f0bc95be74ed55225cdde3cf280a1d_JaffaCakes118
Size

587KB
Sample

240908-kbddfaxhje
MD5

d3f0bc95be74ed55225cdde3cf280a1d
SHA1

aca2abfc01069e118d52848d0fa7094e1776816e
SHA256

1799b831b481ff63498d85e950b354e50484fa1c758ad0b76c5eca5f93b40fb8
SHA512

dbb8e0b343946002a40ce1ba0b474815eb29af512abfe87831381642b94d99375b5b92c85391e552f4ac3b45727609e8ff90348acf872a3fcabdc95ec53a7062
SSDEEP

12288:ovd6O/FpRwxiZkET7FWbGlEF3Z4mxxTiq0zYD1WBz31V:o16ggsjTKQmXmTYDm3n

Score

10^/10

modiloader discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d3f0bc95be74ed55225cdde3cf280a1d_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3f0bc95be74ed55225cdde3cf280a1d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3f0bc95be74ed55225cdde3cf280a1d_JaffaCakes118
- Size
  
  587KB
- MD5
  
  d3f0bc95be74ed55225cdde3cf280a1d
- SHA1
  
  aca2abfc01069e118d52848d0fa7094e1776816e
- SHA256
  
  1799b831b481ff63498d85e950b354e50484fa1c758ad0b76c5eca5f93b40fb8
- SHA512
  
  dbb8e0b343946002a40ce1ba0b474815eb29af512abfe87831381642b94d99375b5b92c85391e552f4ac3b45727609e8ff90348acf872a3fcabdc95ec53a7062
- SSDEEP
  
  12288:ovd6O/FpRwxiZkET7FWbGlEF3Z4mxxTiq0zYD1WBz31V:o16ggsjTKQmXmTYDm3n
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy