modiloader | 6cde68262c4e1b9813c1decf82c06efa1c74eed42fb38fcba3dc0cabdbf29ca1 | Triage

Submit
Reports

Overview

overview

Static

static

5

e37907163a...18.exe

windows7-x64

e37907163a...18.exe

windows10-2004-x64

Sharing

General

Target

e37907163a8a6675b4e66ff75978f128_JaffaCakes118
Size

388KB
Sample

241211-19j7msvnbp
MD5

e37907163a8a6675b4e66ff75978f128
SHA1

575d44ad76239795c093103b7e34e23d5c33b475
SHA256

6cde68262c4e1b9813c1decf82c06efa1c74eed42fb38fcba3dc0cabdbf29ca1
SHA512

792f95ba82dc31aeca75d57d15148c933b05e6d4ebc63af18f4c56603b4061917ef719f2de75d96446487dc40df902f4cdff56627bbdf2d944e6912cf06fb24c
SSDEEP

12288:HHLUMuiv9RgfSjAzRtyTx+qup8RW77sK2W:btARyuHc2

Score

10^/10

modiloader discovery evasion spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e37907163a8a6675b4e66ff75978f128_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader discovery evasion spyware stealer trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

e37907163a8a6675b4e66ff75978f128_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery evasion spyware stealer trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  e37907163a8a6675b4e66ff75978f128_JaffaCakes118
- Size
  
  388KB
- MD5
  
  e37907163a8a6675b4e66ff75978f128
- SHA1
  
  575d44ad76239795c093103b7e34e23d5c33b475
- SHA256
  
  6cde68262c4e1b9813c1decf82c06efa1c74eed42fb38fcba3dc0cabdbf29ca1
- SHA512
  
  792f95ba82dc31aeca75d57d15148c933b05e6d4ebc63af18f4c56603b4061917ef719f2de75d96446487dc40df902f4cdff56627bbdf2d944e6912cf06fb24c
- SSDEEP
  
  12288:HHLUMuiv9RgfSjAzRtyTx+qup8RW77sK2W:btARyuHc2
Score

10^/10

modiloader discovery evasion spyware stealer trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionspywarestealertrojanupx

behavioral2

modiloaderdiscoveryevasionspywarestealertrojanupx

© 2018-2025

Terms | Privacy