modiloader | c662c613c24cab813db886bdbd014449cd5042c450d6d60506dd1cdc00b15b35 | Triage

Submit
Reports

Overview

overview

Static

static

e0fb98bdce...18.exe

windows7-x64

e0fb98bdce...18.exe

windows10-2004-x64

Sharing

General

Target

e0fb98bdced580dc5abc0f266919a1b3_JaffaCakes118
Size

214KB
Sample

240914-zdcbgsvekf
MD5

e0fb98bdced580dc5abc0f266919a1b3
SHA1

8412a69f8b18beb36ff0ffdc346a35b69356d860
SHA256

c662c613c24cab813db886bdbd014449cd5042c450d6d60506dd1cdc00b15b35
SHA512

f788c80db339a4755858ff0d3ed18f972aff1c8cf108cc30a6cf8c61977df034d3bb5d09b0586c07403480effc1ea5b333144ddc7c4d639bcf9d108d4d7dbe79
SSDEEP

3072:HwQjeGWVQvjlJiBcQKDKOGT6oP23DKXKvuul8BGgHYX/FcOSWvhPdHwjYl7xSfac:Q6WVQvaCD5c23jGGxdjYq4faSn3

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e0fb98bdced580dc5abc0f266919a1b3_JaffaCakes118.exe

Resource

win7-20240708-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e0fb98bdced580dc5abc0f266919a1b3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e0fb98bdced580dc5abc0f266919a1b3_JaffaCakes118
- Size
  
  214KB
- MD5
  
  e0fb98bdced580dc5abc0f266919a1b3
- SHA1
  
  8412a69f8b18beb36ff0ffdc346a35b69356d860
- SHA256
  
  c662c613c24cab813db886bdbd014449cd5042c450d6d60506dd1cdc00b15b35
- SHA512
  
  f788c80db339a4755858ff0d3ed18f972aff1c8cf108cc30a6cf8c61977df034d3bb5d09b0586c07403480effc1ea5b333144ddc7c4d639bcf9d108d4d7dbe79
- SSDEEP
  
  3072:HwQjeGWVQvjlJiBcQKDKOGT6oP23DKXKvuul8BGgHYX/FcOSWvhPdHwjYl7xSfac:Q6WVQvaCD5c23jGGxdjYq4faSn3
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy