modiloader | 05aff25de251b19cb35094b144b26c6aa3f67f5d574409290e34a3f011960654 | Triage

Submit
Reports

Overview

overview

Static

static

3

8d077427f9...18.exe

windows7-x64

8d077427f9...18.exe

windows10-2004-x64

Sharing

General

Target

8d077427f90432668b594fb5db71a230_JaffaCakes118
Size

588KB
Sample

241103-xq5sfstrdk
MD5

8d077427f90432668b594fb5db71a230
SHA1

a6db2ca9bb241fb33ae03a5528be269d23e438a6
SHA256

05aff25de251b19cb35094b144b26c6aa3f67f5d574409290e34a3f011960654
SHA512

f54dfdcf937ddde8a069995e97335dbfc145c8a292b3f7a14d8a9989aefa6b6d81d06798497b70d4f107260f2a81751110be99242c3f289aa202f330565ca21c
SSDEEP

12288:YS+d7GNVUwxo7z/4FHJbkRekmF3Z4mxxb0MHoTAFbphQV:CyjU0oEx1QmXbKp

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8d077427f90432668b594fb5db71a230_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader trojan

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

8d077427f90432668b594fb5db71a230_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8d077427f90432668b594fb5db71a230_JaffaCakes118
- Size
  
  588KB
- MD5
  
  8d077427f90432668b594fb5db71a230
- SHA1
  
  a6db2ca9bb241fb33ae03a5528be269d23e438a6
- SHA256
  
  05aff25de251b19cb35094b144b26c6aa3f67f5d574409290e34a3f011960654
- SHA512
  
  f54dfdcf937ddde8a069995e97335dbfc145c8a292b3f7a14d8a9989aefa6b6d81d06798497b70d4f107260f2a81751110be99242c3f289aa202f330565ca21c
- SSDEEP
  
  12288:YS+d7GNVUwxo7z/4FHJbkRekmF3Z4mxxb0MHoTAFbphQV:CyjU0oEx1QmXbKp
Score

10^/10

modiloader trojan defense_evasion discovery persistence
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy