modiloader | 72683be5df459f9f67ee4cf9a670663166f0df7f72bb2bdf80ad459d52cc966e | Triage

Submit
Reports

Overview

overview

Static

static

3

df0e10451d...18.exe

windows7-x64

df0e10451d...18.exe

windows10-2004-x64

Sharing

General

Target

df0e10451d74d8b0f6dec9307b3af3e8_JaffaCakes118
Size

98KB
Sample

240913-2x153avakf
MD5

df0e10451d74d8b0f6dec9307b3af3e8
SHA1

7b37e201b9d7393b17a4476bead0e63dd4bb76fd
SHA256

72683be5df459f9f67ee4cf9a670663166f0df7f72bb2bdf80ad459d52cc966e
SHA512

d188330aad45c043074ca92ab873708d09a776fad18b16ad6074ae8dd35434c3404aeee8fb2359fee5e2a9b44a79bae9c21b56552c023adc6105a9350c8cae8b
SSDEEP

3072:q3HnXCsf2Cp2GivcxwPnzEx6bfd7DmhqUxWs:CHnXTfv3gzEx6bVOzxF

Score

10^/10

modiloader defense_evasion discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

df0e10451d74d8b0f6dec9307b3af3e8_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader defense_evasion discovery trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

df0e10451d74d8b0f6dec9307b3af3e8_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  df0e10451d74d8b0f6dec9307b3af3e8_JaffaCakes118
- Size
  
  98KB
- MD5
  
  df0e10451d74d8b0f6dec9307b3af3e8
- SHA1
  
  7b37e201b9d7393b17a4476bead0e63dd4bb76fd
- SHA256
  
  72683be5df459f9f67ee4cf9a670663166f0df7f72bb2bdf80ad459d52cc966e
- SHA512
  
  d188330aad45c043074ca92ab873708d09a776fad18b16ad6074ae8dd35434c3404aeee8fb2359fee5e2a9b44a79bae9c21b56552c023adc6105a9350c8cae8b
- SSDEEP
  
  3072:q3HnXCsf2Cp2GivcxwPnzEx6bfd7DmhqUxWs:CHnXTfv3gzEx6bVOzxF
Score

10^/10

modiloader defense_evasion discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy