modiloader | 5e41dc342bcdba4d3e085f52a35721c6b03d8f3ef95310214577d009817faf82 | Triage

Submit
Reports

Overview

overview

Static

static

3

dc51e3c7fd...18.exe

windows7-x64

dc51e3c7fd...18.exe

windows10-2004-x64

Sharing

General

Target

dc51e3c7fdf443110ef0b42251a74c5a_JaffaCakes118
Size

565KB
Sample

241210-bgtg6sxrav
MD5

dc51e3c7fdf443110ef0b42251a74c5a
SHA1

96650ce61fb2f3aa18ac55b8782e6a4186027ea1
SHA256

5e41dc342bcdba4d3e085f52a35721c6b03d8f3ef95310214577d009817faf82
SHA512

84f9294d794ae29fdc2b65d54acd0e0f44cd8b3ce42bc01ef3c3c1dc1862fcbb043b7e22842add0586097c38120366dd06c21449ab455425e92a470807c26f5c
SSDEEP

12288:PCmBr+buJqVzYKj86swbdOVzYKj86sz6OaDDVzYKj86srv7Xxd:P9Br+bu8pYOepYOIPWpYOKvzxd

Score

10^/10

modiloader aspackv2 bootkit discovery evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc51e3c7fdf443110ef0b42251a74c5a_JaffaCakes118.exe

Resource

win7-20241023-en

modiloader aspackv2 bootkit discovery evasion persistence trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc51e3c7fdf443110ef0b42251a74c5a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader aspackv2 discovery evasion trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc51e3c7fdf443110ef0b42251a74c5a_JaffaCakes118
- Size
  
  565KB
- MD5
  
  dc51e3c7fdf443110ef0b42251a74c5a
- SHA1
  
  96650ce61fb2f3aa18ac55b8782e6a4186027ea1
- SHA256
  
  5e41dc342bcdba4d3e085f52a35721c6b03d8f3ef95310214577d009817faf82
- SHA512
  
  84f9294d794ae29fdc2b65d54acd0e0f44cd8b3ce42bc01ef3c3c1dc1862fcbb043b7e22842add0586097c38120366dd06c21449ab455425e92a470807c26f5c
- SSDEEP
  
  12288:PCmBr+buJqVzYKj86swbdOVzYKj86sz6OaDDVzYKj86srv7Xxd:P9Br+bu8pYOepYOIPWpYOKvzxd
Score

10^/10

modiloader aspackv2 bootkit discovery evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Pre-OS Boot

Bootkit

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderaspackv2bootkitdiscoveryevasionpersistencetrojan

behavioral2

modiloaderaspackv2discoveryevasiontrojan

© 2018-2025

Terms | Privacy