modiloader | 01b9b754e1c0094d2d9e3361ec13e7ad2e627e922d6e13d3ebf0b109e6729cdd | Triage

Submit
Reports

Overview

overview

Static

static

f0592bed49...18.exe

windows7-x64

f0592bed49...18.exe

windows10-2004-x64

Sharing

General

Target

f0592bed49a86e2ffeda5c754fc9b99b_JaffaCakes118
Size

959KB
Sample

240921-wl4h6avgrh
MD5

f0592bed49a86e2ffeda5c754fc9b99b
SHA1

41009fc985883c872192c4a280c957fc314d4a5e
SHA256

01b9b754e1c0094d2d9e3361ec13e7ad2e627e922d6e13d3ebf0b109e6729cdd
SHA512

9e124963de642d7aaf904e37d5a4096785e1c7a930d7a920cac1a18f5353a232ae79f8607a1b41be2f814fc64a1383a24beb7103f3f0353d38f7196127d5f7e9
SSDEEP

12288:SryEOFaG07Vubv+nR70mW0F37omjiZnS9Qjrl+bKeD8lsQ/FbVVPJIOWFeJu46/0:w5r7XBWoU+iv+bf0jZSOKqu4pBObP8

Score

10^/10

modiloader defense_evasion discovery trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f0592bed49a86e2ffeda5c754fc9b99b_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0592bed49a86e2ffeda5c754fc9b99b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  f0592bed49a86e2ffeda5c754fc9b99b_JaffaCakes118
- Size
  
  959KB
- MD5
  
  f0592bed49a86e2ffeda5c754fc9b99b
- SHA1
  
  41009fc985883c872192c4a280c957fc314d4a5e
- SHA256
  
  01b9b754e1c0094d2d9e3361ec13e7ad2e627e922d6e13d3ebf0b109e6729cdd
- SHA512
  
  9e124963de642d7aaf904e37d5a4096785e1c7a930d7a920cac1a18f5353a232ae79f8607a1b41be2f814fc64a1383a24beb7103f3f0353d38f7196127d5f7e9
- SSDEEP
  
  12288:SryEOFaG07Vubv+nR70mW0F37omjiZnS9Qjrl+bKeD8lsQ/FbVVPJIOWFeJu46/0:w5r7XBWoU+iv+bf0jZSOKqu4pBObP8
Score

10^/10

modiloader defense_evasion discovery trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverytrojanupx

behavioral2

modiloaderdefense_evasiondiscoverytrojanupx

© 2018-2025

Terms | Privacy