modiloader | 4a54a68f73b096fb4c8fc64b4ebb60a1c2e8083ee0c5536883eca1a2802aa14a | Triage

Submit
Reports

Overview

overview

Static

static

d5eda76368...18.exe

windows7-x64

d5eda76368...18.exe

windows10-2004-x64

Sharing

General

Target

d5eda76368c1928bda619b1450d39833_JaffaCakes118
Size

164KB
Sample

240909-j27jja1eje
MD5

d5eda76368c1928bda619b1450d39833
SHA1

a2cd9e16d28f6ceb434bd77fa8306597b95f1bf2
SHA256

4a54a68f73b096fb4c8fc64b4ebb60a1c2e8083ee0c5536883eca1a2802aa14a
SHA512

a68235220330a6c15ec63ff4d53460d5c3ec727f87acc9d26af4371ead38cf92f22ebedc03c9b768b1e16694f7764d3ebc0c47017a294ad6776e650a66fc0ec2
SSDEEP

3072:GhtsgbRrvh84QOtsVfgHWSTHSN2qhhvmmbKQUBd0amgROD+/:Axrva4QT4ANbhvmmjUrDmX6/

Score

10^/10

modiloader defense_evasion discovery trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d5eda76368c1928bda619b1450d39833_JaffaCakes118.exe

Resource

win7-20240708-en

modiloader defense_evasion discovery trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5eda76368c1928bda619b1450d39833_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d5eda76368c1928bda619b1450d39833_JaffaCakes118
- Size
  
  164KB
- MD5
  
  d5eda76368c1928bda619b1450d39833
- SHA1
  
  a2cd9e16d28f6ceb434bd77fa8306597b95f1bf2
- SHA256
  
  4a54a68f73b096fb4c8fc64b4ebb60a1c2e8083ee0c5536883eca1a2802aa14a
- SHA512
  
  a68235220330a6c15ec63ff4d53460d5c3ec727f87acc9d26af4371ead38cf92f22ebedc03c9b768b1e16694f7764d3ebc0c47017a294ad6776e650a66fc0ec2
- SSDEEP
  
  3072:GhtsgbRrvh84QOtsVfgHWSTHSN2qhhvmmbKQUBd0amgROD+/:Axrva4QT4ANbhvmmjUrDmX6/
Score

10^/10

modiloader defense_evasion discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverytrojanupx

behavioral2

modiloaderdefense_evasiondiscoverytrojanupx

© 2018-2025

Terms | Privacy