modiloader | 06c4188e0887f82659818f34dd7f708ab0afa93a11ef67c75d065061b50bcc58 | Triage

Submit
Reports

Overview

overview

Static

static

8e1e0bee60...18.exe

windows7-x64

8e1e0bee60...18.exe

windows10-2004-x64

Sharing

General

Target

8e1e0bee60b300b13d3b19ddeeccb451_JaffaCakes118
Size

321KB
Sample

241103-3v6s7sxhje
MD5

8e1e0bee60b300b13d3b19ddeeccb451
SHA1

5e8275bd92edadebafb274b708e007070a60ae04
SHA256

06c4188e0887f82659818f34dd7f708ab0afa93a11ef67c75d065061b50bcc58
SHA512

1527f0273b6e91cf41926b1f3fb04f2af6122baa229f82962a61e73ce14c2a6a977d859903697bd7ae86f70eb7f0f5700dc32a76f798a03493d79b0feb28d588
SSDEEP

6144:/qWBgyJ571HMb62TB8zo8MDP/ty4Yx6vTRupdC3jsNX7xjl+:/qWBgy11sWjzoZTt/7vToYjMVj0

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8e1e0bee60b300b13d3b19ddeeccb451_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e1e0bee60b300b13d3b19ddeeccb451_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e1e0bee60b300b13d3b19ddeeccb451_JaffaCakes118
- Size
  
  321KB
- MD5
  
  8e1e0bee60b300b13d3b19ddeeccb451
- SHA1
  
  5e8275bd92edadebafb274b708e007070a60ae04
- SHA256
  
  06c4188e0887f82659818f34dd7f708ab0afa93a11ef67c75d065061b50bcc58
- SHA512
  
  1527f0273b6e91cf41926b1f3fb04f2af6122baa229f82962a61e73ce14c2a6a977d859903697bd7ae86f70eb7f0f5700dc32a76f798a03493d79b0feb28d588
- SSDEEP
  
  6144:/qWBgyJ571HMb62TB8zo8MDP/ty4Yx6vTRupdC3jsNX7xjl+:/qWBgy11sWjzoZTt/7vToYjMVj0
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- ModiLoader Second Stage
- NirSoft MailPassView
  Password recovery tool for various email clients
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2024

Terms | Privacy