modiloader | 5a2a4c83b09301c0f1d1dac46839d472602531342a1896c9fad3733bf1fcfe88 | Triage

Submit
Reports

Overview

overview

Static

static

3

9c7bc55eab...18.exe

windows7-x64

9c7bc55eab...18.exe

windows10-2004-x64

Sharing

General

Target

9c7bc55eab954749fe30c024051387e3_JaffaCakes118
Size

833KB
Sample

241125-tb5blatrav
MD5

9c7bc55eab954749fe30c024051387e3
SHA1

a6ba5e8d172ac91ba8473d32919f94e0dd615a8e
SHA256

5a2a4c83b09301c0f1d1dac46839d472602531342a1896c9fad3733bf1fcfe88
SHA512

70b08e7dd40b1cfdb1243d10ded0ed3f9471d340d328146da1cdd2b0b3a63d7febf7a20b0620061f60066e7981bc7522b385db124ea4219aa3a63a6b7dc9a2d8
SSDEEP

12288:sIZIJ8lG4FMng6oWoMtmo2vay2oRzSMlpQwxBcdpVAfgR3HD0uPF6Izrmmjhdg9O:/ZIJ8lG4Fj6oWoMbSayVlpMFJhd6Ib

Score

10^/10

modiloader discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9c7bc55eab954749fe30c024051387e3_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c7bc55eab954749fe30c024051387e3_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  9c7bc55eab954749fe30c024051387e3_JaffaCakes118
- Size
  
  833KB
- MD5
  
  9c7bc55eab954749fe30c024051387e3
- SHA1
  
  a6ba5e8d172ac91ba8473d32919f94e0dd615a8e
- SHA256
  
  5a2a4c83b09301c0f1d1dac46839d472602531342a1896c9fad3733bf1fcfe88
- SHA512
  
  70b08e7dd40b1cfdb1243d10ded0ed3f9471d340d328146da1cdd2b0b3a63d7febf7a20b0620061f60066e7981bc7522b385db124ea4219aa3a63a6b7dc9a2d8
- SSDEEP
  
  12288:sIZIJ8lG4FMng6oWoMtmo2vay2oRzSMlpQwxBcdpVAfgR3HD0uPF6Izrmmjhdg9O:/ZIJ8lG4Fj6oWoMbSayVlpMFJhd6Ib
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy