modiloader | d6f783d9dd6818f6800cff6a849c62c8d3152dd5bb8cfcc25a32be76a0bd5cd3 | Triage

Submit
Reports

Overview

overview

Static

static

9c7d289c29...18.exe

windows7-x64

9c7d289c29...18.exe

windows10-2004-x64

Sharing

General

Target

9c7d289c291d52e8298c4c8f010a4e3c_JaffaCakes118
Size

349KB
Sample

241125-tclkwa1jhl
MD5

9c7d289c291d52e8298c4c8f010a4e3c
SHA1

60dfcb949b522663c6432284f6621364c12c6b0a
SHA256

d6f783d9dd6818f6800cff6a849c62c8d3152dd5bb8cfcc25a32be76a0bd5cd3
SHA512

42c2c78d40817aeb4c5f8ecf240e8a8d2ef70ef936bcbbc2f13900a394c788ab7c17a3ef1e8bb8c5f2637074be71358717bd8c7d597e1d8a892c500ff4801624
SSDEEP

6144:0Wu7Misydv48Le/zOYdMuYuM3jqaaafnZXg9cUjW226i8TTEzTX9lEVBjW:huFsI48Le/6GM0oqaxectnNGTu7EVBjW

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9c7d289c291d52e8298c4c8f010a4e3c_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c7d289c291d52e8298c4c8f010a4e3c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  9c7d289c291d52e8298c4c8f010a4e3c_JaffaCakes118
- Size
  
  349KB
- MD5
  
  9c7d289c291d52e8298c4c8f010a4e3c
- SHA1
  
  60dfcb949b522663c6432284f6621364c12c6b0a
- SHA256
  
  d6f783d9dd6818f6800cff6a849c62c8d3152dd5bb8cfcc25a32be76a0bd5cd3
- SHA512
  
  42c2c78d40817aeb4c5f8ecf240e8a8d2ef70ef936bcbbc2f13900a394c788ab7c17a3ef1e8bb8c5f2637074be71358717bd8c7d597e1d8a892c500ff4801624
- SSDEEP
  
  6144:0Wu7Misydv48Le/zOYdMuYuM3jqaaafnZXg9cUjW226i8TTEzTX9lEVBjW:huFsI48Le/6GM0oqaxectnNGTu7EVBjW
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2024

Terms | Privacy