modiloader | b044e31574fbe002c75debfddc5e8ac596d1f829442c2f317acf561f2f088553 | Triage

Submit
Reports

Overview

overview

Static

static

da93bda485...18.exe

windows7-x64

da93bda485...18.exe

windows10-2004-x64

Sharing

General

Target

da93bda4853af867d4c15e754f66b418_JaffaCakes118
Size

451KB
Sample

240911-r44veswhla
MD5

da93bda4853af867d4c15e754f66b418
SHA1

ac4e8395721796a20e92223444850b88f6b715a3
SHA256

b044e31574fbe002c75debfddc5e8ac596d1f829442c2f317acf561f2f088553
SHA512

6f2d10d7d398954e6e5883ff65d0a67cbcbb9287fbfd4483020154939ce28a8dcd45d394d81ba275ffa957db975359cb24f56c1f8af6ea79ab3ce2e6839eb41e
SSDEEP

12288:ejiXA41lD6SFzhWmQLV49hXnT5EsbNQ5b:ejih1F6CzhWmQLIhXnT5E0Ib

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

da93bda4853af867d4c15e754f66b418_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

da93bda4853af867d4c15e754f66b418_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  da93bda4853af867d4c15e754f66b418_JaffaCakes118
- Size
  
  451KB
- MD5
  
  da93bda4853af867d4c15e754f66b418
- SHA1
  
  ac4e8395721796a20e92223444850b88f6b715a3
- SHA256
  
  b044e31574fbe002c75debfddc5e8ac596d1f829442c2f317acf561f2f088553
- SHA512
  
  6f2d10d7d398954e6e5883ff65d0a67cbcbb9287fbfd4483020154939ce28a8dcd45d394d81ba275ffa957db975359cb24f56c1f8af6ea79ab3ce2e6839eb41e
- SSDEEP
  
  12288:ejiXA41lD6SFzhWmQLV49hXnT5EsbNQ5b:ejih1F6CzhWmQLIhXnT5E0Ib
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy