modiloader | 06bf07e9d9c219bd9fb325c3b9a205b9346a3b1c36d65646f31b0f84e136b7a2 | Triage

Submit
Reports

Overview

overview

Static

static

3

91dca0b830...18.exe

windows7-x64

91dca0b830...18.exe

windows10-2004-x64

Sharing

General

Target

91dca0b8307d539333644a88ef538818_JaffaCakes118
Size

523KB
Sample

241124-b5g42stmhj
MD5

91dca0b8307d539333644a88ef538818
SHA1

254bd77afdc7f5ffed927a07a8a8c8652efb6c67
SHA256

06bf07e9d9c219bd9fb325c3b9a205b9346a3b1c36d65646f31b0f84e136b7a2
SHA512

9bb021b247f84bfaf07cda4b9db15529f5b3ee6cf5370dd279a4a42e4e232f970b097ff3d88f1f148461fdf6809c9b312bb95b8c6369ccd3967ba843be71eb27
SSDEEP

12288:oaKX/poYW/6Nrv3RxmVMF3Z4mxxIJ3YSiikCp4K7W:5KxLrfmVMQmXIipCpzW

Score

10^/10

modiloader defense_evasion discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

91dca0b8307d539333644a88ef538818_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

91dca0b8307d539333644a88ef538818_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  91dca0b8307d539333644a88ef538818_JaffaCakes118
- Size
  
  523KB
- MD5
  
  91dca0b8307d539333644a88ef538818
- SHA1
  
  254bd77afdc7f5ffed927a07a8a8c8652efb6c67
- SHA256
  
  06bf07e9d9c219bd9fb325c3b9a205b9346a3b1c36d65646f31b0f84e136b7a2
- SHA512
  
  9bb021b247f84bfaf07cda4b9db15529f5b3ee6cf5370dd279a4a42e4e232f970b097ff3d88f1f148461fdf6809c9b312bb95b8c6369ccd3967ba843be71eb27
- SSDEEP
  
  12288:oaKX/poYW/6Nrv3RxmVMF3Z4mxxIJ3YSiikCp4K7W:5KxLrfmVMQmXIipCpzW
Score

10^/10

modiloader defense_evasion discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Server Software Component

Terminal Services DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojan

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojan

© 2018-2025

Terms | Privacy