modiloader | 9600eb65f5f71c4cacdaf718c3d1751da390282546e6f3411f43bf21704362b1 | Triage

Submit
Reports

Overview

overview

Static

static

3

00b99e501a...18.exe

windows7-x64

3

00b99e501a...18.exe

windows10-2004-x64

Sharing

General

Target

00b99e501ab5d79b6eca9539471d2c9d_JaffaCakes118
Size

280KB
Sample

240930-lwvznaydqn
MD5

00b99e501ab5d79b6eca9539471d2c9d
SHA1

51e47097473ac142455a6094ffcce6dfa45c5369
SHA256

9600eb65f5f71c4cacdaf718c3d1751da390282546e6f3411f43bf21704362b1
SHA512

b38b587fb4b84603e2b49f8400afe44817b52cd2883ef5b4b1c8792473bbaf1cbd357d5df721e48f920655151807519c592a3d3726732b53202f69808ff06371
SSDEEP

6144:7y9n70iH6yfi3hRgmDRgHRW456Oex1VufC:7y9SyfEDRgH845M3+C

Score

10^/10

modiloader discovery execution trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

00b99e501ab5d79b6eca9539471d2c9d_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

00b99e501ab5d79b6eca9539471d2c9d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

modiloader discovery execution trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  00b99e501ab5d79b6eca9539471d2c9d_JaffaCakes118
- Size
  
  280KB
- MD5
  
  00b99e501ab5d79b6eca9539471d2c9d
- SHA1
  
  51e47097473ac142455a6094ffcce6dfa45c5369
- SHA256
  
  9600eb65f5f71c4cacdaf718c3d1751da390282546e6f3411f43bf21704362b1
- SHA512
  
  b38b587fb4b84603e2b49f8400afe44817b52cd2883ef5b4b1c8792473bbaf1cbd357d5df721e48f920655151807519c592a3d3726732b53202f69808ff06371
- SSDEEP
  
  6144:7y9n70iH6yfi3hRgmDRgHRW456Oex1VufC:7y9SyfEDRgH845M3+C
Score

10^/10

discovery modiloader execution trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderdiscoveryexecutiontrojan

© 2018-2025

Terms | Privacy