modiloader | e3eb2a837458abc3eedbdd2101ec2f1a2f1a2f0284eebff9e1b6f842d8e3984e | Triage

Submit
Reports

Overview

overview

Static

static

3

c902e17a36...18.exe

windows7-x64

c902e17a36...18.exe

windows10-2004-x64

Sharing

General

Target

c902e17a361f31d15bddeaa2440e598e_JaffaCakes118
Size

388KB
Sample

241205-xq7xtaxmaz
MD5

c902e17a361f31d15bddeaa2440e598e
SHA1

e5bfde6265491c5877e2adb034ed9684b654b67f
SHA256

e3eb2a837458abc3eedbdd2101ec2f1a2f1a2f0284eebff9e1b6f842d8e3984e
SHA512

28bca0537cb4afdbef355fe6f7fb2760c7385411d8a6bb9d718927ad6b6c8cc63e74de05cd56a98a8211d19b923d8fce41561e1ffbce446bfa44567bb06f412c
SSDEEP

6144:BjlW8Lu14DT0EfwiZXydOIpdPLnQJgHTgXfzwvSe85F2m1zSh4HBSh4H:fHMpEbAdOsdPDQjXcejw7

Score

10^/10

modiloader discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c902e17a361f31d15bddeaa2440e598e_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader discovery evasion trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c902e17a361f31d15bddeaa2440e598e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery evasion trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c902e17a361f31d15bddeaa2440e598e_JaffaCakes118
- Size
  
  388KB
- MD5
  
  c902e17a361f31d15bddeaa2440e598e
- SHA1
  
  e5bfde6265491c5877e2adb034ed9684b654b67f
- SHA256
  
  e3eb2a837458abc3eedbdd2101ec2f1a2f1a2f0284eebff9e1b6f842d8e3984e
- SHA512
  
  28bca0537cb4afdbef355fe6f7fb2760c7385411d8a6bb9d718927ad6b6c8cc63e74de05cd56a98a8211d19b923d8fce41561e1ffbce446bfa44567bb06f412c
- SSDEEP
  
  6144:BjlW8Lu14DT0EfwiZXydOIpdPLnQJgHTgXfzwvSe85F2m1zSh4HBSh4H:fHMpEbAdOsdPDQjXcejw7
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasiontrojan

behavioral2

modiloaderdiscoveryevasiontrojan

© 2018-2025

Terms | Privacy