modiloader | 735514e403de2583988de98ee5cc77630db8cbbb559bfdb434f201f8d572bdc8 | Triage

Submit
Reports

Overview

overview

Static

static

7

e0b9fd9fe0...18.exe

windows10-2004-x64

Sharing

General

Target

e0b9fd9fe000c11008e72559c16919c5_JaffaCakes118
Size

267KB
Sample

240914-wksp9sxbrk
MD5

e0b9fd9fe000c11008e72559c16919c5
SHA1

60f0c437648b9e02108647194663a2aee5ceb9ac
SHA256

735514e403de2583988de98ee5cc77630db8cbbb559bfdb434f201f8d572bdc8
SHA512

70493f87809790328f4791a7603faef492843d34b01f32836ed7c7d67228b7a4ba116b96a04c3f24829f21073a0160216b5a0e93f87b64a307967622b6e8798f
SSDEEP

6144:xcjpFHs/EVcASserpbYf3E/C9ZfJe/41Pn42h0TrhcTtF6mr7x3B:xcjpFyy+pbYf3Pg41PFiTrhcTt4a1B

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e0b9fd9fe000c11008e72559c16919c5_JaffaCakes118.exe

Resource

win10v2004-20240910-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e0b9fd9fe000c11008e72559c16919c5_JaffaCakes118
- Size
  
  267KB
- MD5
  
  e0b9fd9fe000c11008e72559c16919c5
- SHA1
  
  60f0c437648b9e02108647194663a2aee5ceb9ac
- SHA256
  
  735514e403de2583988de98ee5cc77630db8cbbb559bfdb434f201f8d572bdc8
- SHA512
  
  70493f87809790328f4791a7603faef492843d34b01f32836ed7c7d67228b7a4ba116b96a04c3f24829f21073a0160216b5a0e93f87b64a307967622b6e8798f
- SSDEEP
  
  6144:xcjpFHs/EVcASserpbYf3E/C9ZfJe/41Pn42h0TrhcTtF6mr7x3B:xcjpFyy+pbYf3Pg41PFiTrhcTt4a1B
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Impair Defenses: Safe Mode Boot
  defense_evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy