modiloader | 0a92f29858b225486714b36a23ed1c1d15ff3594fbc920fc8967e3146de314b5 | Triage

Submit
Reports

Overview

overview

Static

static

a5cefa1a4d...18.exe

windows7-x64

a5cefa1a4d...18.exe

windows10-2004-x64

Sharing

General

Target

a5cefa1a4d31d896eb4a36b052f5975b_JaffaCakes118
Size

308KB
Sample

241127-emx94asqfp
MD5

a5cefa1a4d31d896eb4a36b052f5975b
SHA1

073a25138c7b5ca12441b9382f1d8818c044047f
SHA256

0a92f29858b225486714b36a23ed1c1d15ff3594fbc920fc8967e3146de314b5
SHA512

128f3369a7ecf782d031c4e68b20fa2046a6611daddf89305841bf5b4716802d2d36ec7a538a38c114a516fbefa86dfe62b9a692cbb9cd26c13ecdd53c9dd76e
SSDEEP

6144:j4/hzQk7kq4u8EN4wUi9g7mUNsRM+xmJcBsN1y:jQ79F4wL9SmUsM51

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

a5cefa1a4d31d896eb4a36b052f5975b_JaffaCakes118.exe

Resource

win7-20241010-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a5cefa1a4d31d896eb4a36b052f5975b_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a5cefa1a4d31d896eb4a36b052f5975b_JaffaCakes118
- Size
  
  308KB
- MD5
  
  a5cefa1a4d31d896eb4a36b052f5975b
- SHA1
  
  073a25138c7b5ca12441b9382f1d8818c044047f
- SHA256
  
  0a92f29858b225486714b36a23ed1c1d15ff3594fbc920fc8967e3146de314b5
- SHA512
  
  128f3369a7ecf782d031c4e68b20fa2046a6611daddf89305841bf5b4716802d2d36ec7a538a38c114a516fbefa86dfe62b9a692cbb9cd26c13ecdd53c9dd76e
- SSDEEP
  
  6144:j4/hzQk7kq4u8EN4wUi9g7mUNsRM+xmJcBsN1y:jQ79F4wL9SmUsM51
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy