modiloader | 23d03b8283240900409ec631628380cd927ab20dff71a92362b39ea754a052e7

General

Target

da90e1581b97f0735eeafdd1734a30bb_JaffaCakes118
Size

1.2MB
Sample

240911-rz5k6awflb
MD5

da90e1581b97f0735eeafdd1734a30bb
SHA1

7ac536e962dc8ee943f352dab62eaf1c2b219e42
SHA256

23d03b8283240900409ec631628380cd927ab20dff71a92362b39ea754a052e7
SHA512

7bbbc7c5d6566d36fd8c78fe00fed531336fa26936ab3b898544ee53fcc2345ca654327dba78c46eb922dc1011863fe549e113500e277edd67e260b9eb310c90
SSDEEP

24576:GvwQyBaWnBCqyaaNCM2OAj2uDqhwjHYGP2rl5r:GvlyBaWntyrNBlAiuGhwsGUr

Score

10^/10

Malware Config

Targets

- Target
  
  da90e1581b97f0735eeafdd1734a30bb_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  da90e1581b97f0735eeafdd1734a30bb
- SHA1
  
  7ac536e962dc8ee943f352dab62eaf1c2b219e42
- SHA256
  
  23d03b8283240900409ec631628380cd927ab20dff71a92362b39ea754a052e7
- SHA512
  
  7bbbc7c5d6566d36fd8c78fe00fed531336fa26936ab3b898544ee53fcc2345ca654327dba78c46eb922dc1011863fe549e113500e277edd67e260b9eb310c90
- SSDEEP
  
  24576:GvwQyBaWnBCqyaaNCM2OAj2uDqhwjHYGP2rl5r:GvlyBaWntyrNBlAiuGhwsGUr
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Checks computer location settings

Executes dropped EXE

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2