modiloader | 1b74736064474b865c654d4f89b2a14818a41a2af6f2ba28527066de10776639

General

Target

e4eac4c437c74bd1ae0f32a961732422_JaffaCakes118
Size

731KB
Sample

240916-q8aaya1ell
MD5

e4eac4c437c74bd1ae0f32a961732422
SHA1

e938d42d5b08bc56d89db0ec5adce144160a583c
SHA256

1b74736064474b865c654d4f89b2a14818a41a2af6f2ba28527066de10776639
SHA512

6e5d218df95143720437bc7f616066d4a2403f91d903b4cd8eed73a1c7912b6be333719e6d512db074de791b5e0dccab6e7b3aedb721c1b63022ec685f736ed0
SSDEEP

12288:Hmmo7YNQzGnBaWnBsPDqWOFqetuiaSwXb0lvIfU+5wOAjlXIYuqjo:GvwQyBaWnBCqyaaNCM2OAjpIj

Score

10^/10

Malware Config

Targets

- Target
  
  e4eac4c437c74bd1ae0f32a961732422_JaffaCakes118
- Size
  
  731KB
- MD5
  
  e4eac4c437c74bd1ae0f32a961732422
- SHA1
  
  e938d42d5b08bc56d89db0ec5adce144160a583c
- SHA256
  
  1b74736064474b865c654d4f89b2a14818a41a2af6f2ba28527066de10776639
- SHA512
  
  6e5d218df95143720437bc7f616066d4a2403f91d903b4cd8eed73a1c7912b6be333719e6d512db074de791b5e0dccab6e7b3aedb721c1b63022ec685f736ed0
- SSDEEP
  
  12288:Hmmo7YNQzGnBaWnBsPDqWOFqetuiaSwXb0lvIfU+5wOAjlXIYuqjo:GvwQyBaWnBCqyaaNCM2OAjpIj
Score

10^/10

modiloader discovery evasion trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ModiLoader, DBatLoader

ModiLoader Second Stage

Checks computer location settings

Executes dropped EXE

UPX packed file

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2