modiloader | 5c2f653066d3a4e0ee0af293b9c3800220603e992a630e9181065aef7c2dc68e | Triage

Submit
Reports

Overview

overview

Static

static

e10bcf6b5e...18.exe

windows7-x64

e10bcf6b5e...18.exe

windows10-2004-x64

Sharing

General

Target

e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118
Size

282KB
Sample

240914-z2w1ssxalb
MD5

e10bcf6b5e436eb96ad92ac2ef8317df
SHA1

bf87fb1f340d751d3ef183c98003903293a51052
SHA256

5c2f653066d3a4e0ee0af293b9c3800220603e992a630e9181065aef7c2dc68e
SHA512

8b1ffca777c01b4d3768cbcb394f7ec179d22d7cbd61d41f77d631ca765b741aa2a58634843b6dbee093d8591eefb540565a9b5f20434b49976a5d2cee236943
SSDEEP

6144:w6LRwbLWfBuCFSvJBpuQiEdsgVwufvUkvKoC5BnQXjdU:TObHCFSvJBpDvG5zmq

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  e10bcf6b5e436eb96ad92ac2ef8317df_JaffaCakes118
- Size
  
  282KB
- MD5
  
  e10bcf6b5e436eb96ad92ac2ef8317df
- SHA1
  
  bf87fb1f340d751d3ef183c98003903293a51052
- SHA256
  
  5c2f653066d3a4e0ee0af293b9c3800220603e992a630e9181065aef7c2dc68e
- SHA512
  
  8b1ffca777c01b4d3768cbcb394f7ec179d22d7cbd61d41f77d631ca765b741aa2a58634843b6dbee093d8591eefb540565a9b5f20434b49976a5d2cee236943
- SSDEEP
  
  6144:w6LRwbLWfBuCFSvJBpuQiEdsgVwufvUkvKoC5BnQXjdU:TObHCFSvJBpDvG5zmq
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy