modiloader | 1f68aea04318ab02258f57a8d24fd0884391cbcc178df9a46942679fc53ac188 | Triage

Submit
Reports

Overview

overview

Static

static

f850e5d761...18.exe

windows7-x64

f850e5d761...18.exe

windows10-2004-x64

Sharing

General

Target

f850e5d761b8795bef61f613bd5bc140_JaffaCakes118
Size

249KB
Sample

240926-n2m74swaqp
MD5

f850e5d761b8795bef61f613bd5bc140
SHA1

5d9f13d67e1c8d63df094c9c83eb112391836fd6
SHA256

1f68aea04318ab02258f57a8d24fd0884391cbcc178df9a46942679fc53ac188
SHA512

4ace3d2c33c01d80b11ced57557fa1841ecbd5eb4825eb21381ec3592ef03b3aa396c948db06f063f7c172e2206bb92e70a5b1d7dd6c93a8e682d8d0b0e74cca
SSDEEP

3072:QPindVxC5N7jB+Iax1M+1SU7VdyFx3wwbRipdX3Iu2i+imVBfcGfS1OWCDHPT3c8:QPidTmN8IaGUZOx5SdIu0VCGWHCE

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f850e5d761b8795bef61f613bd5bc140_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f850e5d761b8795bef61f613bd5bc140_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  f850e5d761b8795bef61f613bd5bc140_JaffaCakes118
- Size
  
  249KB
- MD5
  
  f850e5d761b8795bef61f613bd5bc140
- SHA1
  
  5d9f13d67e1c8d63df094c9c83eb112391836fd6
- SHA256
  
  1f68aea04318ab02258f57a8d24fd0884391cbcc178df9a46942679fc53ac188
- SHA512
  
  4ace3d2c33c01d80b11ced57557fa1841ecbd5eb4825eb21381ec3592ef03b3aa396c948db06f063f7c172e2206bb92e70a5b1d7dd6c93a8e682d8d0b0e74cca
- SSDEEP
  
  3072:QPindVxC5N7jB+Iax1M+1SU7VdyFx3wwbRipdX3Iu2i+imVBfcGfS1OWCDHPT3c8:QPidTmN8IaGUZOx5SdIu0VCGWHCE
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy