modiloader | 5a219b69ad62ef85d6bc609a415d70b645be099c266323a7ae9baeaa41f1e19e | Triage

Submit
Reports

Overview

overview

Static

static

e0726e119d...18.exe

windows7-x64

e0726e119d...18.exe

windows10-2004-x64

Sharing

General

Target

e0726e119d3f759d7b2b822ba4d42082_JaffaCakes118
Size

316KB
Sample

240914-sj4vcszfjp
MD5

e0726e119d3f759d7b2b822ba4d42082
SHA1

5f2a83c107b329197f0b978a262891bc156e1254
SHA256

5a219b69ad62ef85d6bc609a415d70b645be099c266323a7ae9baeaa41f1e19e
SHA512

05059d95cc47964695e4a00bcfa96667967954f7aa83294ba1d576e5f96cc3974774c7108a76b9994663612ce5db52a0531dea07fa1a186a160c811b49f2d47f
SSDEEP

6144:jTrYXv9MvWR93Z0ilNeZbW9hhUe6MEFEWAV9uk:jTrWEi93Z0ilNe9W97UlM+ppk

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e0726e119d3f759d7b2b822ba4d42082_JaffaCakes118.exe

Resource

win7-20240708-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e0726e119d3f759d7b2b822ba4d42082_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  e0726e119d3f759d7b2b822ba4d42082_JaffaCakes118
- Size
  
  316KB
- MD5
  
  e0726e119d3f759d7b2b822ba4d42082
- SHA1
  
  5f2a83c107b329197f0b978a262891bc156e1254
- SHA256
  
  5a219b69ad62ef85d6bc609a415d70b645be099c266323a7ae9baeaa41f1e19e
- SHA512
  
  05059d95cc47964695e4a00bcfa96667967954f7aa83294ba1d576e5f96cc3974774c7108a76b9994663612ce5db52a0531dea07fa1a186a160c811b49f2d47f
- SSDEEP
  
  6144:jTrYXv9MvWR93Z0ilNeZbW9hhUe6MEFEWAV9uk:jTrWEi93Z0ilNe9W97UlM+ppk
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Impair Defenses: Safe Mode Boot
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy