modiloader | 0158f8481620630ff2773d12a95731a090fd782b1b3425eb199282729995bcf3 | Triage

Submit
Reports

Overview

overview

Static

static

e90e04d1b1...18.exe

windows7-x64

e90e04d1b1...18.exe

windows10-2004-x64

Sharing

General

Target

e90e04d1b158166cde595a5a4b8a7565_JaffaCakes118
Size

169KB
Sample

240918-n1hk8szflq
MD5

e90e04d1b158166cde595a5a4b8a7565
SHA1

c2d0531b612d78e29eefa060a007d500ca734b50
SHA256

0158f8481620630ff2773d12a95731a090fd782b1b3425eb199282729995bcf3
SHA512

c6941e7a8cdfe6c6f042d0df7f57314a11cbc87262dd1c297dee6d518e6cf21241ac423dabf32e76d20345e3c9ea72e115e3ee907d84312e4e79af8ab91c6de5
SSDEEP

3072:l18Rkbrg4xQanJgIdkS8eaSeHy53u621mOQHgf1rgJoVPhJjnkRdXxajCW8FbfwP:uu31taSeHm3PvOQAf1kJchJjw5xajSFy

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e90e04d1b158166cde595a5a4b8a7565_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

e90e04d1b158166cde595a5a4b8a7565_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e90e04d1b158166cde595a5a4b8a7565_JaffaCakes118
- Size
  
  169KB
- MD5
  
  e90e04d1b158166cde595a5a4b8a7565
- SHA1
  
  c2d0531b612d78e29eefa060a007d500ca734b50
- SHA256
  
  0158f8481620630ff2773d12a95731a090fd782b1b3425eb199282729995bcf3
- SHA512
  
  c6941e7a8cdfe6c6f042d0df7f57314a11cbc87262dd1c297dee6d518e6cf21241ac423dabf32e76d20345e3c9ea72e115e3ee907d84312e4e79af8ab91c6de5
- SSDEEP
  
  3072:l18Rkbrg4xQanJgIdkS8eaSeHy53u621mOQHgf1rgJoVPhJjnkRdXxajCW8FbfwP:uu31taSeHm3PvOQAf1kJchJjw5xajSFy
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy