modiloader | d970b1d282b304e4715b1a6a298d9af3c9ae78c3d88708259ee0cd00d17ec157 | Triage

Submit
Reports

Overview

overview

Static

static

5

a76ac65422...18.exe

windows7-x64

a76ac65422...18.exe

windows10-2004-x64

Sharing

General

Target

a76ac65422c6fc86ec04743ec2daacc8_JaffaCakes118
Size

393KB
Sample

241127-mnxnyswqcl
MD5

a76ac65422c6fc86ec04743ec2daacc8
SHA1

c642390badb64222955c0edcb412a10b6a27e36b
SHA256

d970b1d282b304e4715b1a6a298d9af3c9ae78c3d88708259ee0cd00d17ec157
SHA512

40fc9ee84af77600f7cda8627b8a031d2ba4a8d0aca84e920d9d23dbe23a9a07e6aaaf38f5d85e2e754ab0254ee5e8c25d0070576e7e10cc3f8e59a6ee66b459
SSDEEP

6144:8q8YyMkNDfR/JAXuU0m6t/MS5OhYR5LN/s8W+8Xw6EiQJ86eyxXI7V:h8YyM0fHiIb/MhYR5O8W+6QJdeyxO

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a76ac65422c6fc86ec04743ec2daacc8_JaffaCakes118.exe

Resource

win7-20241010-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a76ac65422c6fc86ec04743ec2daacc8_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a76ac65422c6fc86ec04743ec2daacc8_JaffaCakes118
- Size
  
  393KB
- MD5
  
  a76ac65422c6fc86ec04743ec2daacc8
- SHA1
  
  c642390badb64222955c0edcb412a10b6a27e36b
- SHA256
  
  d970b1d282b304e4715b1a6a298d9af3c9ae78c3d88708259ee0cd00d17ec157
- SHA512
  
  40fc9ee84af77600f7cda8627b8a031d2ba4a8d0aca84e920d9d23dbe23a9a07e6aaaf38f5d85e2e754ab0254ee5e8c25d0070576e7e10cc3f8e59a6ee66b459
- SSDEEP
  
  6144:8q8YyMkNDfR/JAXuU0m6t/MS5OhYR5LN/s8W+8Xw6EiQJ86eyxXI7V:h8YyM0fHiIb/MhYR5O8W+6QJdeyxO
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy