modiloader | 61202a7384e03ce735633ff56b7414f3685666548d9acda67b2d7d502a0a488e | Triage

Submit
Reports

Overview

overview

Static

static

daa04d8ece...18.exe

windows7-x64

daa04d8ece...18.exe

windows10-2004-x64

Sharing

General

Target

daa04d8eced64e27c5453db3084bf6e7_JaffaCakes118
Size

886KB
Sample

240911-sl1kqaxgna
MD5

daa04d8eced64e27c5453db3084bf6e7
SHA1

8fd338b7c660429db631763c7c4e03a4982edaac
SHA256

61202a7384e03ce735633ff56b7414f3685666548d9acda67b2d7d502a0a488e
SHA512

133cda2ed5efe701dce424869821de31759e523cef2af4a0278ac92aefb75f21e65beea570d2de22418f7abc85eedff9c0117b3e73396d77ea3daddb5f6df4eb
SSDEEP

24576:YS2Vp6RwTk9IBc8AsIKv6ysCLz4zF53c:ip6STRBcDKySnGc

Score

10^/10

modiloader discovery evasion trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

daa04d8eced64e27c5453db3084bf6e7_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery evasion trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

daa04d8eced64e27c5453db3084bf6e7_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  daa04d8eced64e27c5453db3084bf6e7_JaffaCakes118
- Size
  
  886KB
- MD5
  
  daa04d8eced64e27c5453db3084bf6e7
- SHA1
  
  8fd338b7c660429db631763c7c4e03a4982edaac
- SHA256
  
  61202a7384e03ce735633ff56b7414f3685666548d9acda67b2d7d502a0a488e
- SHA512
  
  133cda2ed5efe701dce424869821de31759e523cef2af4a0278ac92aefb75f21e65beea570d2de22418f7abc85eedff9c0117b3e73396d77ea3daddb5f6df4eb
- SSDEEP
  
  24576:YS2Vp6RwTk9IBc8AsIKv6ysCLz4zF53c:ip6STRBcDKySnGc
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ModiLoader Second Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasiontrojan

behavioral2

modiloaderdiscoveryevasiontrojan

© 2018-2025

Terms | Privacy