modiloader | eecff0bf98dd903e587ba55a70e7f3a84251f59a6cab7f2a4343f2da82206f03 | Triage

Submit
Reports

Overview

overview

Static

static

7

8f94ae69f9...18.exe

windows7-x64

8f94ae69f9...18.exe

windows10-2004-x64

Sharing

General

Target

8f94ae69f98d1017548ee145c2c54135_JaffaCakes118
Size

295KB
Sample

241104-g2k97awbjc
MD5

8f94ae69f98d1017548ee145c2c54135
SHA1

630769a3c5d7cac4d223290e48a166e2b64bbb01
SHA256

eecff0bf98dd903e587ba55a70e7f3a84251f59a6cab7f2a4343f2da82206f03
SHA512

6c9fd62c5679798421f66e0ecbb23ac0f4856f8ce895ce032653d8bdbc8237ae67458844165e88ffc2a6240928dfaa6d16f8a8b020cf8dfaafac409cdb4f7cf7
SSDEEP

6144:OYWr9t3ut7qNbcoPWjd8gqI4opZfkz06fdRPr8Cf+Ikawj+/9kJ6mY0:OYG9t+t+1cd8gdi0ITd+I6jnLH

Score

10^/10

modiloader aspackv2 discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8f94ae69f98d1017548ee145c2c54135_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader aspackv2 discovery trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f94ae69f98d1017548ee145c2c54135_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader aspackv2 discovery trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f94ae69f98d1017548ee145c2c54135_JaffaCakes118
- Size
  
  295KB
- MD5
  
  8f94ae69f98d1017548ee145c2c54135
- SHA1
  
  630769a3c5d7cac4d223290e48a166e2b64bbb01
- SHA256
  
  eecff0bf98dd903e587ba55a70e7f3a84251f59a6cab7f2a4343f2da82206f03
- SHA512
  
  6c9fd62c5679798421f66e0ecbb23ac0f4856f8ce895ce032653d8bdbc8237ae67458844165e88ffc2a6240928dfaa6d16f8a8b020cf8dfaafac409cdb4f7cf7
- SSDEEP
  
  6144:OYWr9t3ut7qNbcoPWjd8gqI4opZfkz06fdRPr8Cf+Ikawj+/9kJ6mY0:OYG9t+t+1cd8gdi0ITd+I6jnLH
Score

10^/10

modiloader aspackv2 discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderaspackv2discoverytrojan

behavioral2

modiloaderaspackv2discoverytrojan

© 2018-2024

Terms | Privacy