modiloader | bbfd67ecbba56ef45ffbf6f6e6f42d45b9b90e658696624ffc7c863ffd34dc00 | Triage

Submit
Reports

Overview

overview

Static

static

3

f7a573d421...18.exe

windows7-x64

f7a573d421...18.exe

windows10-2004-x64

Sharing

General

Target

f7a573d4212356d6ba9df1ad6de4b65a_JaffaCakes118
Size

505KB
Sample

240926-fx5ycsseng
MD5

f7a573d4212356d6ba9df1ad6de4b65a
SHA1

056946d5c619d60a8974ebe0e99101f9d2549983
SHA256

bbfd67ecbba56ef45ffbf6f6e6f42d45b9b90e658696624ffc7c863ffd34dc00
SHA512

71090f970ee41e72aa4cff334fc42a854f765ae9d531b555b14059f6fae44c6208812edb7ad37140fe470fa9e535ae81bf8e1b1963fdc08f59f3569b8555cc89
SSDEEP

12288:/1Pfg6oj5BKTM7O9QF3Z4mxxsah+dfsYJ:tPVqBKGO2QmXJh+dbJ

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f7a573d4212356d6ba9df1ad6de4b65a_JaffaCakes118.exe

Resource

win7-20240704-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7a573d4212356d6ba9df1ad6de4b65a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f7a573d4212356d6ba9df1ad6de4b65a_JaffaCakes118
- Size
  
  505KB
- MD5
  
  f7a573d4212356d6ba9df1ad6de4b65a
- SHA1
  
  056946d5c619d60a8974ebe0e99101f9d2549983
- SHA256
  
  bbfd67ecbba56ef45ffbf6f6e6f42d45b9b90e658696624ffc7c863ffd34dc00
- SHA512
  
  71090f970ee41e72aa4cff334fc42a854f765ae9d531b555b14059f6fae44c6208812edb7ad37140fe470fa9e535ae81bf8e1b1963fdc08f59f3569b8555cc89
- SSDEEP
  
  12288:/1Pfg6oj5BKTM7O9QF3Z4mxxsah+dfsYJ:tPVqBKGO2QmXJh+dbJ
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy