modiloader | 1de0d1c6493e7814960bee852aa2921e2eba17476b34e8e89719bed3958561b7 | Triage

Submit
Reports

Overview

overview

Static

static

3

a43df25f38...18.exe

windows7-x64

a43df25f38...18.exe

windows10-2004-x64

Sharing

General

Target

a43df25f38c779f1fbc5a6283a926c42_JaffaCakes118
Size

682KB
Sample

241126-1f9kfaxmek
MD5

a43df25f38c779f1fbc5a6283a926c42
SHA1

1b2954747524f2f1d0ac85d9009b17841bdf3fce
SHA256

1de0d1c6493e7814960bee852aa2921e2eba17476b34e8e89719bed3958561b7
SHA512

7710f1500533af908aef2522dc8a11d7ab6a3a53e6dc15408011a3a4c927e25572386771cfee01cc30e67d8357051041df9de12473c7c471fa9f4585f32bf8bd
SSDEEP

12288:Voo3Yd2eZQK7NWoxc9nA7Y2kRf20x0I61crGKmmttGvtF3Z4mxx9DqVTVOC4:Wo3YdzlgxgYzRjx0I6ChmmtitQmX8VT8

Score

10^/10

modiloader discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a43df25f38c779f1fbc5a6283a926c42_JaffaCakes118.exe

Resource

win7-20240708-en

modiloader discovery trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a43df25f38c779f1fbc5a6283a926c42_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a43df25f38c779f1fbc5a6283a926c42_JaffaCakes118
- Size
  
  682KB
- MD5
  
  a43df25f38c779f1fbc5a6283a926c42
- SHA1
  
  1b2954747524f2f1d0ac85d9009b17841bdf3fce
- SHA256
  
  1de0d1c6493e7814960bee852aa2921e2eba17476b34e8e89719bed3958561b7
- SHA512
  
  7710f1500533af908aef2522dc8a11d7ab6a3a53e6dc15408011a3a4c927e25572386771cfee01cc30e67d8357051041df9de12473c7c471fa9f4585f32bf8bd
- SSDEEP
  
  12288:Voo3Yd2eZQK7NWoxc9nA7Y2kRf20x0I61crGKmmttGvtF3Z4mxx9DqVTVOC4:Wo3YdzlgxgYzRjx0I6ChmmtitQmX8VT8
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy