modiloader | 26ac1b09a3ad625ccb25946b2e13437215f7ef80a73281104d2a1be87a17c09a | Triage

Sharing

General

Target

88b23e58488ae1650bf911cbdb63c6bc_JaffaCakes118
Size

9.3MB
Sample

241103-atd3ksspdq
MD5

88b23e58488ae1650bf911cbdb63c6bc
SHA1

a303ea9e27582bc992c626ccdbfb7cf2d981f020
SHA256

26ac1b09a3ad625ccb25946b2e13437215f7ef80a73281104d2a1be87a17c09a
SHA512

4ade64e1df0d83a4ee14b16e8d9d2b55d907e8da053c583a32694772dc700cfa7563f8fd8fd66cc4fe9d1a528417d88baa8e0b9e29d679e78ab4f8ee54a53164
SSDEEP

196608:TEQZz4bHQ9oZKHyHJGUbDpth9WRHIxa/VzJFnDqnSgyCENP6qFNwW:sbw9oZKSHJGWDCouVzJFDqn0CEP6lW

Score

10^/10

modiloader discovery execution trojan upx

Malware Config

Targets

- Target
  
  88b23e58488ae1650bf911cbdb63c6bc_JaffaCakes118
- Size
  
  9.3MB
- MD5
  
  88b23e58488ae1650bf911cbdb63c6bc
- SHA1
  
  a303ea9e27582bc992c626ccdbfb7cf2d981f020
- SHA256
  
  26ac1b09a3ad625ccb25946b2e13437215f7ef80a73281104d2a1be87a17c09a
- SHA512
  
  4ade64e1df0d83a4ee14b16e8d9d2b55d907e8da053c583a32694772dc700cfa7563f8fd8fd66cc4fe9d1a528417d88baa8e0b9e29d679e78ab4f8ee54a53164
- SSDEEP
  
  196608:TEQZz4bHQ9oZKHyHJGUbDpth9WRHIxa/VzJFnDqnSgyCENP6qFNwW:sbw9oZKSHJGWDCouVzJFDqn0CEP6lW
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  0dc0cc7a6d9db685bf05a7e5f3ea4781
- SHA1
  
  5d8b6268eeec9d8d904bc9d988a4b588b392213f
- SHA256
  
  8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
- SHA512
  
  814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0
- SSDEEP
  
  192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Demos/Images/06.bmp
- Size
  
  324KB
- MD5
  
  ae32d22bca82c1e54a23f66163b67a64
- SHA1
  
  40460cb3960054a0bcd49e3799420c8c962a63b6
- SHA256
  
  8c1fc111b0c738a9695bfe6e12c8a4ac7382c6b8cdf4496dacab50e2a55b8711
- SHA512
  
  1b7243e295446021bd8484a791804ecaa5ec1961131a36dd67a1b10c5b6b2182f463a21ac3420b8a4ca31c95edbb62dffd94d7be1f8fc98bb44989739512aba2
- SSDEEP
  
  6144:unmzGa1d9g4lrCyOTZqI3jc8GCDrnAV8O+AyNMjLZVe/+o/j9xk3P4vDiQidDj/H:uzaH9gUQZqIzciDLAGNMfZo/xj9Ka6TH
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Filters/AviSplitter.ax
- Size
  
  372KB
- MD5
  
  c5bfba7fd968130fec6f2fe69d61e305
- SHA1
  
  bae9dae1719b511f3d9466ce81d40c4afac46f38
- SHA256
  
  169247ac0661c73b73880258b356055f854af3ab9352e008650b9c3e5ababf51
- SHA512
  
  ddaddd1cae3a5d9812cd0210e8cf977c8822dfc647dfb4aedf03040499f01fba3da7a8080588627a76b6adf3b437a6ea44e9fb6fc9eff91ca4031301e5d65557
- SSDEEP
  
  6144:d41eLkaGyQrtlo1AubuSEYegJZXX2n00:d41TaGe1+Yr80
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Filters/Ogg/OggDS.dll
- Size
  
  232KB
- MD5
  
  ac39539f25c253bbfdcc73ab0a771b51
- SHA1
  
  85afe926c22610c26a001f8a1bbfa948e6d9c2d6
- SHA256
  
  7281674cb4e3964743e3859f0d02c43bef4f276e9f0f18d316dd6ace6d156a64
- SHA512
  
  92f1d92cfee4b7b827907895e70c5dd2c160e8a7a1003bd8dcd65e6ccab6f5c5a5bd30a76353980b5639b7b15c14036e9d1a756081b6bc85462ceb7e5e0b706b
- SSDEEP
  
  3072:ZF5u2Qed31Q+S36ShY5X509bPSw9/jiQ4n/u0T01gAg0FuPyAsjjVCDIi:YB16mY5Ot/ji/nbwqAOPKq
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Filters/Ogg/ogg.dll
- Size
  
  44KB
- MD5
  
  a6c9a92e579ad93306f702140f1e6840
- SHA1
  
  1e18607be3492b712827127cd4c7312e93c4c2e7
- SHA256
  
  e1853dd243501f3bf8e3206e6c7d7b5ebf6294701c8a86650f987a0d0937c97a
- SHA512
  
  954323f772a3ba707cd7f0990dbfc46f963db876e5e400c0847a332249690379051c0dccecf668a66c38c78429e6baa3234d23eb770ce31d49d07a0cf6cba54b
- SSDEEP
  
  768:wI9SCLA2tmMqDAeQaNkTMFKmALKlGx621Fb/LPf0t4NF:woAtMq8ecTMFKmALmk6Kr0t
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Filters/Ogg/vorbis.dll
- Size
  
  184KB
- MD5
  
  dd783aad2fab1cd4764d1b3733fca5a0
- SHA1
  
  d612e7325681d8323e1b38c5dc11d822c5574de6
- SHA256
  
  11e2a3cc84045257e4fb1801c8e885fb95c0f6e28109420527c99cb2dace3eef
- SHA512
  
  cabc00627fe69e893088fe283cc20e8fec354e6f56e50bef73a51645efe8030ee80f4cf1fc8f69a097fca437221da8ac6fcbb3d7879010c9295e915e43e7e009
- SSDEEP
  
  3072:3ewJhguDq5hM3KyPnlfBnVbODmpqWmHD+b/6nAg0Fud7cL:33h4/MtPnlfBVrpKD+b8AOdW
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Filters/Ogg/vorbisenc.dll
- Size
  
  900KB
- MD5
  
  dca492c3d3019a689e85f3ff0afb3d3d
- SHA1
  
  a7e8753074d65158f438e1456ea56cada7fecaf4
- SHA256
  
  fb4124ed537efe868915907b50031634f01defc7d655323f457a660cb8fd9330
- SHA512
  
  15fc0eeb9a410704e824d954c4afc10f73f77e20a1796374d79c71b00cfe071ef5b54c2be67db6d9d21f042d9e7e768e418f6076ea63fad2b5d6a77c7d169c05
- SSDEEP
  
  1536:plPHz2jec4Lw5CFdzuLJKySOEa0tCFXp40Syu5oKTdkEbN:ffaqFdOgeEa0Mty0Sy2oKTdtN
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Filters/ac3filter.ax
- Size
  
  512KB
- MD5
  
  9f4a24f056477de28d06c4472e365fbb
- SHA1
  
  8fcda87a3ca889657b5d99873c6be65e735f8e5b
- SHA256
  
  29b30bc326b3a0d10434905eba5a521fb7f9b6741d6649a4e6ba6ad21b93df49
- SHA512
  
  4f47dca5a654af3f4787806969b88182a5b3cd29dfb0a4e85acf57a6ab33f869aefb808c7d43b27fca42d70468e58c3fc2d4afc49ab8345d26225db13b4ab494
- SSDEEP
  
  6144:3Y4UlGAqgN/BQI+uU8+F0f6v73ezLa/uNDwyyziS9g:38Qyn+uUPM6qzO/ewI
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Filters/l3codecx.ax
- Size
  
  81KB
- MD5
  
  ade9508b04f995891d37ca317ba51820
- SHA1
  
  6762e4ce349e2f2da5d5991cec28bbebe284f9db
- SHA256
  
  939ba9d2e52f1683cd722d70f87143da902788b4912e2723c9940b1ac5593ecf
- SHA512
  
  bce4f31ce1286911fd3af58a9cf1e1995812ba229c80f8a26ea5a46c0a7bf515e9bc2f5f73446ca0666400cefa4666b6f53f0c1146b99a171ef42a48b76095b0
- SSDEEP
  
  1536:HnO7U7L8+AkxhnMOejOIOAZM2nrREegqB7v9lCDLU:HiUE+hnMOejOIOAGMrRHgqN9lULU
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Filters/oggsplitter.ax
- Size
  
  288KB
- MD5
  
  6a2e7307957383073db316ebe553dd58
- SHA1
  
  44f4e1ba43c4f1b0f60b8830644e7feb2702069c
- SHA256
  
  ef5ac08baea89730508d48ce5c5cfe139be3eddb3ffc4247f356279dfd6aac46
- SHA512
  
  6d078a2cf3e7f698e768ae7509ac4814a191b464aea114d23f17601c0dea980ed59165b4520f9b366efc56e01222136e86743f3ab38ec763df927820d06f1139
- SSDEEP
  
  6144:Z+Ud0h2At6aqQFUuT+VEhB4xnUVVVucKpc:ZmBtJFUuSVvSxhKp
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Foto2avi.exe
- Size
  
  2.7MB
- MD5
  
  e4c1623e0298def5ff1b3a13bc50020e
- SHA1
  
  371b75b6c102207c5ad2d761689770a23b1ee93b
- SHA256
  
  ffb570199f61559a7aa4375c6ca2be87fcb4ececb4617dd275ba54123374c2d5
- SHA512
  
  13485f73167aa468c31e2be6f0ed9a1b91c6740f04777f026ab7faef40da5a3cd64057002cd0ed8f14e5fffc8ce0f1c3efc352c8aa8d8b5c1de34eb84d14d4bf
- SSDEEP
  
  24576:Tvw9CVXHoo79kQADOFI3wgwVlxOujXso5VLGz2wQ2B/qtTqK90ZpyxK:blYORADuVWERLGs2yTqK90ZpcK
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader First Stage
behavioral23 behavioral24
- Target
  
  Plugins/EffectsMany/EffectBalloon.html
- Size
  
  5KB
- MD5
  
  da343539ce8436a032949e0f0e66a83b
- SHA1
  
  db363a62736a8e5302fafd9726ff5c877c69f394
- SHA256
  
  5a66df9d26dc1ebcc9cdf9dacde932247b6e9b4c28c94ebec248f3fe7519bcf7
- SHA512
  
  99420de26a731db1cb38c2fadaa1ac689db964c30d32a2e376b9cb5ba2d8174c7e6d318b153b71a937be500cd0810b061866a07105c0bdc022ec4cc453cd9986
- SSDEEP
  
  96:e49+EY0gApiuSvAO93BcDZw7UETqYe/4UD33S41DmaCTmamwEaDmj:e4Ewilvn93BclETqYM4UD33XDmaCTmak
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Plugins/EffectsMany/EffectBinoculars.html
- Size
  
  3KB
- MD5
  
  2008c9fa3dc1a82d8e1f5a724f295fbc
- SHA1
  
  e2148ae30adbd59bef0b29a141c8f5d22f19a53f
- SHA256
  
  78de625968fa686d6930dce1d6d774d2dfb22646b3d6ff996f605ea43162d731
- SHA512
  
  2a92558a7bae94a27891b005e1ddbac7f0b7d10aa7fa356c831e002650e08147ccf72bf8f71e916013fbf58e86a1ecd24620a3f4edcc898fde9b47fbee4b9016
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Plugins/EffectsMany/EffectBubbles.html
- Size
  
  3KB
- MD5
  
  0b27286bf74789a940a80f61cf5f0cb9
- SHA1
  
  bbdfa585e844473dee9e038fe7c154cb5524604f
- SHA256
  
  0c858751e8c21c541e429289cce9687b366905274f39dfaf7d9badb60d79ce60
- SHA512
  
  c20ec1c7f3aa99c30d5b18c7b3b1a1f63cc3bdcacd71a2a557c3a86bd5593f09eec270f2ea0d4d7a9a36249d1cd352720288628c4d0eb499cc31259cb5eac09b
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Plugins/EffectsMany/EffectConez.html
- Size
  
  3KB
- MD5
  
  98f67e734e621b02a622601a0e5a17a6
- SHA1
  
  2f79a0668eaf1eb8a99e81316beef8a14422a876
- SHA256
  
  d21a3a197f207245281d90c9e147dde05bb6696ca215c60c29eaa3ef21f1211a
- SHA512
  
  c2851ab5fc35c448cb492a86e1451116e6635de5f08bc0d02fc70d44b1a9864e18f9f0b43549038ef56d17f98cf714c4e9ffafa92a4ec0035f1d40fd70f79d8c
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

modiloaderdiscoverytrojan

behavioral24

modiloaderdiscoverytrojan

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32