modiloader | d70df994e8e3c65822d93e49c89f1055754bac0302c47164ef04af1c89f39dc2 | Triage

Submit
Reports

Overview

overview

Static

static

3

f86081b76d...18.exe

windows7-x64

f86081b76d...18.exe

windows10-2004-x64

Sharing

General

Target

f86081b76d29cce4dffb7ce93780dd8a_JaffaCakes118
Size

159KB
Sample

240926-ppwjdsxbnr
MD5

f86081b76d29cce4dffb7ce93780dd8a
SHA1

143de15fcae2f81c55b73bec1a81bb857c4a7f98
SHA256

d70df994e8e3c65822d93e49c89f1055754bac0302c47164ef04af1c89f39dc2
SHA512

d8e640d4d4f654207b4b016a9b8d44a98a22597b5f95cbfb6dd3b07ce31f8315230140d616957fff1bcdf8318ab8012f09621103c86067397654359c534d4696
SSDEEP

3072:CDZVhu2wUviRJaS9mjDwLAf/avlp0sue7hD3yZO7Sw8HxfQEybPBifXp:CtVhcwsMwLgKnue712OGwExfQEyNiPp

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f86081b76d29cce4dffb7ce93780dd8a_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f86081b76d29cce4dffb7ce93780dd8a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  f86081b76d29cce4dffb7ce93780dd8a_JaffaCakes118
- Size
  
  159KB
- MD5
  
  f86081b76d29cce4dffb7ce93780dd8a
- SHA1
  
  143de15fcae2f81c55b73bec1a81bb857c4a7f98
- SHA256
  
  d70df994e8e3c65822d93e49c89f1055754bac0302c47164ef04af1c89f39dc2
- SHA512
  
  d8e640d4d4f654207b4b016a9b8d44a98a22597b5f95cbfb6dd3b07ce31f8315230140d616957fff1bcdf8318ab8012f09621103c86067397654359c534d4696
- SSDEEP
  
  3072:CDZVhu2wUviRJaS9mjDwLAf/avlp0sue7hD3yZO7Sw8HxfQEybPBifXp:CtVhcwsMwLgKnue712OGwExfQEyNiPp
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy