modiloader | 45542080e00617ab34cb6d39fc1bb036ad2431cf4e51c48fddd19c97caaef9b4

General

Target

e237dea0c1e68a45c8848430fa3758a2_JaffaCakes118
Size

891KB
Sample

240915-lzt7jaxgjd
MD5

e237dea0c1e68a45c8848430fa3758a2
SHA1

28ed9d81abc7af50a3a8c9477624d710d022bf53
SHA256

45542080e00617ab34cb6d39fc1bb036ad2431cf4e51c48fddd19c97caaef9b4
SHA512

e51ffad0f79672a57a850f7423cedb212f525e6b993cb65fd593e6ac20a57ac0d14bc5e41b6c5bf9d1c61bf130fa9a6e30b93514e4ff266c5b31d31a2585a80a
SSDEEP

12288:+mmo7YNQzGnBaWnBsPDqWOFqetuiaSwXb0lvIfU+5wOAj+ctw3+syodhw35q/:1vwQyBaWnBCqyaaNCM2OAj+uDqhwk/

Score

10^/10

Malware Config

Targets

- Target
  
  e237dea0c1e68a45c8848430fa3758a2_JaffaCakes118
- Size
  
  891KB
- MD5
  
  e237dea0c1e68a45c8848430fa3758a2
- SHA1
  
  28ed9d81abc7af50a3a8c9477624d710d022bf53
- SHA256
  
  45542080e00617ab34cb6d39fc1bb036ad2431cf4e51c48fddd19c97caaef9b4
- SHA512
  
  e51ffad0f79672a57a850f7423cedb212f525e6b993cb65fd593e6ac20a57ac0d14bc5e41b6c5bf9d1c61bf130fa9a6e30b93514e4ff266c5b31d31a2585a80a
- SSDEEP
  
  12288:+mmo7YNQzGnBaWnBsPDqWOFqetuiaSwXb0lvIfU+5wOAj+ctw3+syodhw35q/:1vwQyBaWnBCqyaaNCM2OAj+uDqhwk/
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Checks computer location settings

Executes dropped EXE

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2