modiloader | 81f31211ec6450740c642ed4672882f0cd76e655d047b4bd6611c7ee398cb747

Analysis

max time kernel
141s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 20:31

Target

8794d806c98728025528893f4dc79ba3_JaffaCakes118.exe
Size

651KB
MD5

8794d806c98728025528893f4dc79ba3
SHA1

366db2c7b135196e43ef1ba22806bf9cc8c07f30
SHA256

81f31211ec6450740c642ed4672882f0cd76e655d047b4bd6611c7ee398cb747
SHA512

7ba8d5dea97b7513febac34872eed4fe1ca686cb7322ee4c9c89ba481c7055938e6b3cd5aa19f661cef4cb72dcd0489de3dc01e7e76d6c33b7f3f8bf00bf8a2a
SSDEEP

12288:kpyZT1QrCxu/mDwLRI6BxcDqp9aqCcajVuD3Z7BPQGMWYur0s0D:kUx1QjOD3SxcDDcNDqWYurL0

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 14 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1828-0-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-1-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-2-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-3-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-4-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-5-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-6-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-7-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-8-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-9-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-10-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-11-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-12-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2
behavioral1/memory/1828-13-0x0000000000400000-0x000000000041C000-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\8794d806c98728025528893f4dc79ba3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8794d806c98728025528893f4dc79ba3_JaffaCakes118.exe"
1⤵
PID:1828

memory/1828-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-5-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-6-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-7-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-8-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-9-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-10-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-11-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-12-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-13-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download