modiloader | 440b81055de0d438e7ae2e6b7a8d8105c0a99ee53d5069456a31188e4e5659e3 | Triage

Submit
Reports

Overview

overview

Static

static

00c08bf1d9...18.exe

windows7-x64

00c08bf1d9...18.exe

windows10-2004-x64

Sharing

General

Target

00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118
Size

733KB
Sample

240930-l1v58atcqb
MD5

00c08bf1d9a92bae9e38cb16864e5a30
SHA1

ce7756f9c23eeb86297de4ab59318397289db8db
SHA256

440b81055de0d438e7ae2e6b7a8d8105c0a99ee53d5069456a31188e4e5659e3
SHA512

fe9eeb25beeaa7953474ca5610b2469db10bb886453306a247d9eb7c1bc3bc0271c9099145931459b5bab631a016e0cfd24c831fb15ef739609928e7e5ea5b91
SSDEEP

12288:o9nTQAiVtuiwlF4w+dGnS0LzPgm8cryDYTS7+W+JipxdWwaH3UqCILs9:o9nNMmlyeS0LzgsryuS7+WH1xx

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  00c08bf1d9a92bae9e38cb16864e5a30_JaffaCakes118
- Size
  
  733KB
- MD5
  
  00c08bf1d9a92bae9e38cb16864e5a30
- SHA1
  
  ce7756f9c23eeb86297de4ab59318397289db8db
- SHA256
  
  440b81055de0d438e7ae2e6b7a8d8105c0a99ee53d5069456a31188e4e5659e3
- SHA512
  
  fe9eeb25beeaa7953474ca5610b2469db10bb886453306a247d9eb7c1bc3bc0271c9099145931459b5bab631a016e0cfd24c831fb15ef739609928e7e5ea5b91
- SSDEEP
  
  12288:o9nTQAiVtuiwlF4w+dGnS0LzPgm8cryDYTS7+W+JipxdWwaH3UqCILs9:o9nNMmlyeS0LzgsryuS7+WH1xx
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy