modiloader | e1d125a6e187bacf3adc84b474d0d965e0bdcb37ef13b3788af39142ff5334b6 | Triage

Submit
Reports

Overview

overview

Static

static

a656b19b2e...18.exe

windows7-x64

a656b19b2e...18.exe

windows10-2004-x64

Sharing

General

Target

a656b19b2e923982424eda0fe0289cfb_JaffaCakes118
Size

227KB
Sample

241127-gznbrs1ngz
MD5

a656b19b2e923982424eda0fe0289cfb
SHA1

f883568eef51affe0b1a1cef1fbfd1f85d0d4430
SHA256

e1d125a6e187bacf3adc84b474d0d965e0bdcb37ef13b3788af39142ff5334b6
SHA512

847c2214ddf14dafd87207a5fa448be8afe31d9bd5ec1995190fa63a36d98c759d0b37c17fef27d5fd36bfd185a4e384d1f5c431819a0146580688295ff98f66
SSDEEP

3072:K7JdIwnHT+Lmfe0a5gCF1EYAfrwqFqMvFrNgZfYXD3NgLtgP5r7QJzEaTZB3Nf6:pEHTCu85gCFEbFqDZwT9gL+P9izxB9C

Score

10^/10

modiloader discovery trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a656b19b2e923982424eda0fe0289cfb_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a656b19b2e923982424eda0fe0289cfb_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a656b19b2e923982424eda0fe0289cfb_JaffaCakes118
- Size
  
  227KB
- MD5
  
  a656b19b2e923982424eda0fe0289cfb
- SHA1
  
  f883568eef51affe0b1a1cef1fbfd1f85d0d4430
- SHA256
  
  e1d125a6e187bacf3adc84b474d0d965e0bdcb37ef13b3788af39142ff5334b6
- SHA512
  
  847c2214ddf14dafd87207a5fa448be8afe31d9bd5ec1995190fa63a36d98c759d0b37c17fef27d5fd36bfd185a4e384d1f5c431819a0146580688295ff98f66
- SSDEEP
  
  3072:K7JdIwnHT+Lmfe0a5gCF1EYAfrwqFqMvFrNgZfYXD3NgLtgP5r7QJzEaTZB3Nf6:pEHTCu85gCFEbFqDZwT9gL+P9izxB9C
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy