modiloader | d72541b3a366a52202a37c1de643fca7281e248c219598420bc58649b70226c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

a7b14c4b53...18.exe

windows7-x64

a7b14c4b53...18.exe

windows10-2004-x64

7

Sharing

General

Target

a7b14c4b5359ae54361ae2cf76b51196_JaffaCakes118
Size

2.6MB
Sample

241127-nwhqfaymap
MD5

a7b14c4b5359ae54361ae2cf76b51196
SHA1

fb76f0f1c9c0c7fc7de3090662784a1fa6fead30
SHA256

d72541b3a366a52202a37c1de643fca7281e248c219598420bc58649b70226c2
SHA512

9daaf2a7da7e838413aba8a77133bfb7c73919e4c48edf37862a8ccd9fa87401e85f21cfe5bce8b6f71c16131d51499a68cb3b31537efb134d03a1b5b02e58fc
SSDEEP

49152:6LrtdkuCoMYQcrylhDMjzP9eDWTYLooWn0MElv:Sic27gzP9eD+sooWn0rlv

Score

10^/10

modiloader discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a7b14c4b5359ae54361ae2cf76b51196_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader discovery evasion trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7b14c4b5359ae54361ae2cf76b51196_JaffaCakes118.exe

Resource

win10v2004-20241007-en

discovery evasion trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  a7b14c4b5359ae54361ae2cf76b51196_JaffaCakes118
- Size
  
  2.6MB
- MD5
  
  a7b14c4b5359ae54361ae2cf76b51196
- SHA1
  
  fb76f0f1c9c0c7fc7de3090662784a1fa6fead30
- SHA256
  
  d72541b3a366a52202a37c1de643fca7281e248c219598420bc58649b70226c2
- SHA512
  
  9daaf2a7da7e838413aba8a77133bfb7c73919e4c48edf37862a8ccd9fa87401e85f21cfe5bce8b6f71c16131d51499a68cb3b31537efb134d03a1b5b02e58fc
- SSDEEP
  
  49152:6LrtdkuCoMYQcrylhDMjzP9eDWTYLooWn0MElv:Sic27gzP9eD+sooWn0rlv
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasiontrojan

behavioral2

discoveryevasiontrojan

© 2018-2025

Terms | Privacy