modiloader | a5e4209934ad961d7ba16168366b73ff156cb47fde69647dbd3ae74b315428fa | Triage

Submit
Reports

Overview

overview

Static

static

3

833e252339...18.exe

windows7-x64

833e252339...18.exe

windows10-2004-x64

Sharing

General

Target

833e25233992bb9556c609abdcadd11a_JaffaCakes118
Size

723KB
Sample

241031-rhj8wszfmk
MD5

833e25233992bb9556c609abdcadd11a
SHA1

3e80b309e2b3405906b4a1bf19d026ba3399e5ab
SHA256

a5e4209934ad961d7ba16168366b73ff156cb47fde69647dbd3ae74b315428fa
SHA512

5f2da24ff3122337af58ecacc6bb427778b8fa072569a4aebb553d0ab3a6dde31a1d92cd42c6de44dd786afc260a398662cd0684d92428477fa52f24909bbced
SSDEEP

12288:MmiUu4i7Qgq0TRo48OY+ahueMKzlZF3Z4mxxMDqVTVOCu:qUuDlq0TeT2aHZQmXrVTzu

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

833e25233992bb9556c609abdcadd11a_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

833e25233992bb9556c609abdcadd11a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  833e25233992bb9556c609abdcadd11a_JaffaCakes118
- Size
  
  723KB
- MD5
  
  833e25233992bb9556c609abdcadd11a
- SHA1
  
  3e80b309e2b3405906b4a1bf19d026ba3399e5ab
- SHA256
  
  a5e4209934ad961d7ba16168366b73ff156cb47fde69647dbd3ae74b315428fa
- SHA512
  
  5f2da24ff3122337af58ecacc6bb427778b8fa072569a4aebb553d0ab3a6dde31a1d92cd42c6de44dd786afc260a398662cd0684d92428477fa52f24909bbced
- SSDEEP
  
  12288:MmiUu4i7Qgq0TRo48OY+ahueMKzlZF3Z4mxxMDqVTVOCu:qUuDlq0TeT2aHZQmXrVTzu
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy