modiloader | 2b6b8f9608123c8177ba3f730bce248deb95e190c978649c91da2d75db49b92f | Triage

Submit
Reports

Overview

overview

Static

static

3

f46adf6cfe...18.exe

windows7-x64

f46adf6cfe...18.exe

windows10-2004-x64

3

Sharing

General

Target

f46adf6cfe76fda0d879d0e16d8aec95_JaffaCakes118
Size

1.1MB
Sample

240924-ywna2asglq
MD5

f46adf6cfe76fda0d879d0e16d8aec95
SHA1

8318b3ff514a6c48b713c885b913cd5ac2599d64
SHA256

2b6b8f9608123c8177ba3f730bce248deb95e190c978649c91da2d75db49b92f
SHA512

0f23a7a4c0fe9a9a3b6b66e23621c25d46a3afc57354e6838c5d74f914b10eff98cda67f0e1781e2261e042fa081332821515228fc31074fa4c90b70a59544e3
SSDEEP

24576:9ClXWrGoqEGgMwK5+0UigR1AzzRXfhAQxsTwBc:4dWNn++hRKzFXfhAZ

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f46adf6cfe76fda0d879d0e16d8aec95_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f46adf6cfe76fda0d879d0e16d8aec95_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  f46adf6cfe76fda0d879d0e16d8aec95_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  f46adf6cfe76fda0d879d0e16d8aec95
- SHA1
  
  8318b3ff514a6c48b713c885b913cd5ac2599d64
- SHA256
  
  2b6b8f9608123c8177ba3f730bce248deb95e190c978649c91da2d75db49b92f
- SHA512
  
  0f23a7a4c0fe9a9a3b6b66e23621c25d46a3afc57354e6838c5d74f914b10eff98cda67f0e1781e2261e042fa081332821515228fc31074fa4c90b70a59544e3
- SSDEEP
  
  24576:9ClXWrGoqEGgMwK5+0UigR1AzzRXfhAQxsTwBc:4dWNn++hRKzFXfhAZ
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Sets service image path in registry
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

© 2018-2025

Terms | Privacy