modiloader | 111fe6977249740d31b9af738c485b007ad050f6fc450f54b8e4df60789894ad | Triage

Submit
Reports

Overview

overview

Static

static

e11f797fa0...18.exe

windows7-x64

e11f797fa0...18.exe

windows10-2004-x64

Sharing

General

Target

e11f797fa001457a8de0b985b8efd17e_JaffaCakes118
Size

786KB
Sample

240914-1wrdssyerq
MD5

e11f797fa001457a8de0b985b8efd17e
SHA1

69e9c3e1e7b3c260dc300dcd452ecf26ee1aeef0
SHA256

111fe6977249740d31b9af738c485b007ad050f6fc450f54b8e4df60789894ad
SHA512

fce1cb7ddd88a140786043c4acf1795cf910d28046c2485bf6c5e4e8f7c2fc6514c68de31db4b88ac2ea1b7b43a3a414584f2a9fdd9af2d816656ba87a23c45e
SSDEEP

12288:AlZYc2z1y6lc5AgHQPQjd+d6v75Ce6BODa4ATsuPycl4O8yDl4lmTwA:AlKcI1uYPQjd+s755C3zDxl4lmTB

Score

10^/10

modiloader discovery trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e11f797fa001457a8de0b985b8efd17e_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e11f797fa001457a8de0b985b8efd17e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e11f797fa001457a8de0b985b8efd17e_JaffaCakes118
- Size
  
  786KB
- MD5
  
  e11f797fa001457a8de0b985b8efd17e
- SHA1
  
  69e9c3e1e7b3c260dc300dcd452ecf26ee1aeef0
- SHA256
  
  111fe6977249740d31b9af738c485b007ad050f6fc450f54b8e4df60789894ad
- SHA512
  
  fce1cb7ddd88a140786043c4acf1795cf910d28046c2485bf6c5e4e8f7c2fc6514c68de31db4b88ac2ea1b7b43a3a414584f2a9fdd9af2d816656ba87a23c45e
- SSDEEP
  
  12288:AlZYc2z1y6lc5AgHQPQjd+d6v75Ce6BODa4ATsuPycl4O8yDl4lmTwA:AlKcI1uYPQjd+s755C3zDxl4lmTB
Score

10^/10

modiloader discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojanupx

behavioral2

modiloaderdiscoverytrojanupx

© 2018-2025

Terms | Privacy