modiloader | bcdeff13f4960903d0a2a2c87328dfc0af042515c753917cd1af89cf0c76d8e9 | Triage

Submit
Reports

Overview

overview

Static

static

3

8e2118a0ee...18.exe

windows7-x64

8e2118a0ee...18.exe

windows10-2004-x64

Sharing

General

Target

8e2118a0eefa120dae04feb1c20790da_JaffaCakes118
Size

649KB
Sample

241103-3x2bha1jar
MD5

8e2118a0eefa120dae04feb1c20790da
SHA1

433583c5ddf7c28cd5b5c68357f3ff4be0663d41
SHA256

bcdeff13f4960903d0a2a2c87328dfc0af042515c753917cd1af89cf0c76d8e9
SHA512

848e98d48ad47992a92477225e1c3f56f87f47ea78d2488313522eff97e975b8068f4d6bb52b59b02968570b2cdb69aee3f273c5b83e9bdc3f9959227eaa9927
SSDEEP

12288:nO5LJF3Z4mxxJIHMF8IKhsxewingMr0WeJFAlvsDT+bkFXD89zYf08:nCFQmXOsiItyD0l8lUykFz8Gf08

Score

10^/10

modiloader discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8e2118a0eefa120dae04feb1c20790da_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8e2118a0eefa120dae04feb1c20790da_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e2118a0eefa120dae04feb1c20790da_JaffaCakes118
- Size
  
  649KB
- MD5
  
  8e2118a0eefa120dae04feb1c20790da
- SHA1
  
  433583c5ddf7c28cd5b5c68357f3ff4be0663d41
- SHA256
  
  bcdeff13f4960903d0a2a2c87328dfc0af042515c753917cd1af89cf0c76d8e9
- SHA512
  
  848e98d48ad47992a92477225e1c3f56f87f47ea78d2488313522eff97e975b8068f4d6bb52b59b02968570b2cdb69aee3f273c5b83e9bdc3f9959227eaa9927
- SSDEEP
  
  12288:nO5LJF3Z4mxxJIHMF8IKhsxewingMr0WeJFAlvsDT+bkFXD89zYf08:nCFQmXOsiItyD0l8lUykFz8Gf08
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy