modiloader | 2236e16091423ae368b2af7a1058438c94fa0d49c7073b42391569b6811cdeda | Triage

Submit
Reports

Overview

overview

Static

static

d63e86b58d...18.exe

windows7-x64

d63e86b58d...18.exe

windows10-2004-x64

Sharing

General

Target

d63e86b58d3fd471da49e31f989b0bcb_JaffaCakes118
Size

156KB
Sample

240909-nwv1rswcrj
MD5

d63e86b58d3fd471da49e31f989b0bcb
SHA1

e069058199ff307e70decffea5a2be0d0e1550d7
SHA256

2236e16091423ae368b2af7a1058438c94fa0d49c7073b42391569b6811cdeda
SHA512

2907bfd5e93930bf1022b3f5479a548da84d739536bbf6cce5d6b9ef5ae28474af8eaaf6313c9c2c4bd420dce2961c9ea97efb40e33c31897f4ab23bcb507bac
SSDEEP

3072:1AwmFI1W2EV8zBkojCDPPOEb2ocscv8I/IOO1CPqr0m5Nq:JmFotkIgzb2ocsEhWCy46k

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d63e86b58d3fd471da49e31f989b0bcb_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

d63e86b58d3fd471da49e31f989b0bcb_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d63e86b58d3fd471da49e31f989b0bcb_JaffaCakes118
- Size
  
  156KB
- MD5
  
  d63e86b58d3fd471da49e31f989b0bcb
- SHA1
  
  e069058199ff307e70decffea5a2be0d0e1550d7
- SHA256
  
  2236e16091423ae368b2af7a1058438c94fa0d49c7073b42391569b6811cdeda
- SHA512
  
  2907bfd5e93930bf1022b3f5479a548da84d739536bbf6cce5d6b9ef5ae28474af8eaaf6313c9c2c4bd420dce2961c9ea97efb40e33c31897f4ab23bcb507bac
- SSDEEP
  
  3072:1AwmFI1W2EV8zBkojCDPPOEb2ocscv8I/IOO1CPqr0m5Nq:JmFotkIgzb2ocsEhWCy46k
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy