modiloader | e32dfc52d53f0c8837b3081580146dcd604fac63577ba73bc5df8a390a4266d4 | Triage

Submit
Reports

Overview

overview

Static

static

b571c6436b...18.exe

windows7-x64

b571c6436b...18.exe

windows10-2004-x64

Sharing

General

Target

b571c6436b3cb3a1f7cd606f5a4f6b47_JaffaCakes118
Size

151KB
Sample

241201-2c978svmcw
MD5

b571c6436b3cb3a1f7cd606f5a4f6b47
SHA1

d9b0d6c9f090f2b79596574698eb0a65b5109dd1
SHA256

e32dfc52d53f0c8837b3081580146dcd604fac63577ba73bc5df8a390a4266d4
SHA512

b6d759c50379b29807b79694cf9f204e03d19f5a3611df8ad993046803b9d389084a633c67e128703c843c63bac5c8360a2be7abcbfd0cd21ab88b6b97e2dd35
SSDEEP

3072:4gS/NvZd8SjsBoyi05vCLWT87qE3ONeKVx7J1bmsvD+ew:qf6QsCyrP2AeKJ1Ke

Score

10^/10

modiloader sality backdoor discovery evasion trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b571c6436b3cb3a1f7cd606f5a4f6b47_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader sality backdoor discovery trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b571c6436b3cb3a1f7cd606f5a4f6b47_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader sality backdoor discovery evasion trojan upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  b571c6436b3cb3a1f7cd606f5a4f6b47_JaffaCakes118
- Size
  
  151KB
- MD5
  
  b571c6436b3cb3a1f7cd606f5a4f6b47
- SHA1
  
  d9b0d6c9f090f2b79596574698eb0a65b5109dd1
- SHA256
  
  e32dfc52d53f0c8837b3081580146dcd604fac63577ba73bc5df8a390a4266d4
- SHA512
  
  b6d759c50379b29807b79694cf9f204e03d19f5a3611df8ad993046803b9d389084a633c67e128703c843c63bac5c8360a2be7abcbfd0cd21ab88b6b97e2dd35
- SSDEEP
  
  3072:4gS/NvZd8SjsBoyi05vCLWT87qE3ONeKVx7J1bmsvD+ew:qf6QsCyrP2AeKJ1Ke
Score

10^/10

modiloader sality backdoor discovery trojan upx evasion
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies firewall policy service
  evasion
- Modiloader family
  modiloader
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- Sality family
  sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadersalitybackdoordiscoverytrojanupx

behavioral2

modiloadersalitybackdoordiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy