modiloader | d6ac8915bd833f8f58989a300b4707e1f4a1d15953f05e9081e12da57dd98642 | Triage

Submit
Reports

Overview

overview

Static

static

e689cbd5b6...18.exe

windows7-x64

e689cbd5b6...18.exe

windows10-2004-x64

Sharing

General

Target

e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118
Size

700KB
Sample

240917-lpw85swejc
MD5

e689cbd5b6decdbdd116535028dfb14e
SHA1

1537b6acc219492730eb4dcd29ff724704a7513e
SHA256

d6ac8915bd833f8f58989a300b4707e1f4a1d15953f05e9081e12da57dd98642
SHA512

c13a9f7f7e4dca35856f6f29282b59b077210618aae71c156a48c463bc560c2bfe653a4ca709b453259decb1824690a6a07e99449198bfa6be64e8b1eadc0e78
SSDEEP

12288:4rmRu5u2ev63GCTSp3axiLFcF4Px8TYl99HK1qxbhk8bPOIG:4rm851eS270ih64p8TYl9UahksPOIG

Score

10^/10

modiloader discovery evasion persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery evasion persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e689cbd5b6decdbdd116535028dfb14e_JaffaCakes118
- Size
  
  700KB
- MD5
  
  e689cbd5b6decdbdd116535028dfb14e
- SHA1
  
  1537b6acc219492730eb4dcd29ff724704a7513e
- SHA256
  
  d6ac8915bd833f8f58989a300b4707e1f4a1d15953f05e9081e12da57dd98642
- SHA512
  
  c13a9f7f7e4dca35856f6f29282b59b077210618aae71c156a48c463bc560c2bfe653a4ca709b453259decb1824690a6a07e99449198bfa6be64e8b1eadc0e78
- SSDEEP
  
  12288:4rmRu5u2ev63GCTSp3axiLFcF4Px8TYl99HK1qxbhk8bPOIG:4rm851eS270ih64p8TYl9UahksPOIG
Score

10^/10

modiloader discovery evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ModiLoader Second Stage
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionpersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy