modiloader | 02281901066095d95f18550bda6e6c780fe38e1fbcb6d1d0065b12d3b93c3d23 | Triage

Submit
Reports

Overview

overview

Static

static

aa96e40363...18.exe

windows7-x64

aa96e40363...18.exe

windows10-2004-x64

Sharing

General

Target

aa96e40363e19b4a3492662983805771_JaffaCakes118
Size

27KB
Sample

241128-ckj9cazrcz
MD5

aa96e40363e19b4a3492662983805771
SHA1

9e3d61ce12815e4c7f7398d5cf99e03072673172
SHA256

02281901066095d95f18550bda6e6c780fe38e1fbcb6d1d0065b12d3b93c3d23
SHA512

4a9e48aa308df2cac1a30e4403bba0f3c949ebe45d4dcdb7903057c6fa80bd7d3d3773ff9e887463a0f5b8c65eea3df1586031d37f41c5e8ee6ac8a767ca8e69
SSDEEP

384:BCkp9PmiCXlBHmCT01Jx90A+Q+u5A5b2Wh+jFRDXdGtJOBxuvrMG929Ueu:zp9f2GCg7EAKbkFRMODuvIG4y

Score

10^/10

modiloader discovery evasion execution trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

aa96e40363e19b4a3492662983805771_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery evasion execution trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa96e40363e19b4a3492662983805771_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery evasion execution trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  aa96e40363e19b4a3492662983805771_JaffaCakes118
- Size
  
  27KB
- MD5
  
  aa96e40363e19b4a3492662983805771
- SHA1
  
  9e3d61ce12815e4c7f7398d5cf99e03072673172
- SHA256
  
  02281901066095d95f18550bda6e6c780fe38e1fbcb6d1d0065b12d3b93c3d23
- SHA512
  
  4a9e48aa308df2cac1a30e4403bba0f3c949ebe45d4dcdb7903057c6fa80bd7d3d3773ff9e887463a0f5b8c65eea3df1586031d37f41c5e8ee6ac8a767ca8e69
- SSDEEP
  
  384:BCkp9PmiCXlBHmCT01Jx90A+Q+u5A5b2Wh+jFRDXdGtJOBxuvrMG929Ueu:zp9f2GCg7EAKbkFRMODuvIG4y
Score

10^/10

modiloader discovery evasion execution trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Stops running service(s)
  evasion execution
- Deletes itself
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Share Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

modiloaderdiscoveryevasionexecutiontrojanupx

behavioral2

modiloaderdiscoveryevasionexecutiontrojanupx

© 2018-2025

Terms | Privacy