modiloader | df8c2a40c95c32cfd14666d8b595fe44df58f34784dece3ff661220ef5566527 | Triage

Submit
Reports

Overview

overview

Static

static

5

fa0affb22c...18.exe

windows7-x64

fa0affb22c...18.exe

windows10-2004-x64

Sharing

General

Target

fa0affb22c9b2755e536a0a44e555164_JaffaCakes118
Size

181KB
Sample

240927-j4mbdawclg
MD5

fa0affb22c9b2755e536a0a44e555164
SHA1

4eaf3d57e969f72f4140f3e9301e03d59bfa9cdb
SHA256

df8c2a40c95c32cfd14666d8b595fe44df58f34784dece3ff661220ef5566527
SHA512

2d8d1ecdc52a7dc71b047dc8ea3bdf724f1098984f5b7f2b23ffc5936cb09600e78d9ee17c675f4a27e3d1f8439dbe9185a850a6862e7d116ecb57c02b28ce4f
SSDEEP

3072:YDCuZBz4kQZbXQRH2mlj7ud7s01Dp7oOM7w4C:YDCC45Zb2WW6dY0Jp7oLf

Score

10^/10

modiloader discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fa0affb22c9b2755e536a0a44e555164_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa0affb22c9b2755e536a0a44e555164_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa0affb22c9b2755e536a0a44e555164_JaffaCakes118
- Size
  
  181KB
- MD5
  
  fa0affb22c9b2755e536a0a44e555164
- SHA1
  
  4eaf3d57e969f72f4140f3e9301e03d59bfa9cdb
- SHA256
  
  df8c2a40c95c32cfd14666d8b595fe44df58f34784dece3ff661220ef5566527
- SHA512
  
  2d8d1ecdc52a7dc71b047dc8ea3bdf724f1098984f5b7f2b23ffc5936cb09600e78d9ee17c675f4a27e3d1f8439dbe9185a850a6862e7d116ecb57c02b28ce4f
- SSDEEP
  
  3072:YDCuZBz4kQZbXQRH2mlj7ud7s01Dp7oOM7w4C:YDCC45Zb2WW6dY0Jp7oLf
Score

10^/10

modiloader discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- ModiLoader Second Stage
- Executes dropped EXE
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojanupx

behavioral2

modiloaderdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy