modiloader | ca566404e57c8cf97f023140ca4744e78e7b0d5441a72cb5811725069fc97822 | Triage

Submit
Reports

Overview

overview

Static

static

7

AMADO BATI...AS.exe

windows7-x64

AMADO BATI...AS.exe

windows10-2004-x64

3

Sharing

General

Target

daaf67b2cc43d606c4b2275ada7a3e8d_JaffaCakes118
Size

1.2MB
Sample

240911-s7n4taydrq
MD5

daaf67b2cc43d606c4b2275ada7a3e8d
SHA1

2d9519255e4ba50985fba6c8bf6d409239dde978
SHA256

ca566404e57c8cf97f023140ca4744e78e7b0d5441a72cb5811725069fc97822
SHA512

8a3309d2d0d5dcd05e3069cb0f4bc7c6b3697fd77565ab3c79beaa6d988b964d778bb7541881d9c7b4dd8e2e7e822b3c552726fd141243dde213d039d98f2425
SSDEEP

24576:2Vm9GpPldnuO+C6IxedXP0XPVAmnbZ5UxXgMC9FsUlBgbe0sx5rjs9ngZWWmrxTv:2ViGNbnz+C6Td8PS8bIxgd9vWeJxpjsD

Score

10^/10

modiloader discovery evasion persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

AMADO BATISTA AS 200 MAIS TOCADAS.exe

Resource

win7-20240903-en

modiloader discovery evasion persistence themida trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

AMADO BATISTA AS 200 MAIS TOCADAS.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  AMADO BATISTA AS 200 MAIS TOCADAS.exe
- Size
  
  1.5MB
- MD5
  
  a4650efc9c57af618ba87aedbff6b7a2
- SHA1
  
  b5c68848a9afb34ecec3b8b90eebc5ccf34ce92e
- SHA256
  
  caf314e0b8994c616905f1dbb5f51eb8d809b4d50711da3a2310aa27eca50c76
- SHA512
  
  6e914b7739d8149dc9bf3d0197c29d7d71bff9025c61b26c4459e319a522a9e79a42d7bc2265596356f8b366481d43d4dce0c4ab569debfe361412f774b49344
- SSDEEP
  
  24576:MPa4/N6HG4g11NnWRJG1dieO1lkW+BaNQiR0B3awahYESR+lqniV+FH8:MVCa14siect+B84Vx0YEvknisc
Score

10^/10

modiloader discovery evasion persistence themida trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionpersistencethemidatrojan

behavioral2

© 2018-2025

Terms | Privacy