modiloader | 05de89c7568e56789746623d5dcd674308390095a07758438a2e3132090fce2d | Triage

Submit
Reports

Overview

overview

Static

static

e38d597e16...18.exe

windows7-x64

e38d597e16...18.exe

windows10-2004-x64

Sharing

General

Target

e38d597e16fa38ba98eddd7e9efdd985_JaffaCakes118
Size

633KB
Sample

241211-2pnj1a1ma1
MD5

e38d597e16fa38ba98eddd7e9efdd985
SHA1

abcef5a1d55fdf3b3e163104bb4cc8d634094b1c
SHA256

05de89c7568e56789746623d5dcd674308390095a07758438a2e3132090fce2d
SHA512

1926377d77fcfb11a8a83cd49323f06cb535f956e675f3d7719dbbf6ec3576985079225335fd230630298ea2a563d09b22cecd1b7223cf35891c3546628094a8
SSDEEP

12288:cUDAdUS9kJ8lGy+bJH0QZ/z/QXmu2j6JwPJ8cdBDx3bpMwQc:cO0USVHKqXmHoiBN3Kw5

Score

10^/10

modiloader discovery execution persistence trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e38d597e16fa38ba98eddd7e9efdd985_JaffaCakes118.exe

Resource

win7-20241010-en

modiloader discovery execution persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

e38d597e16fa38ba98eddd7e9efdd985_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery execution persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e38d597e16fa38ba98eddd7e9efdd985_JaffaCakes118
- Size
  
  633KB
- MD5
  
  e38d597e16fa38ba98eddd7e9efdd985
- SHA1
  
  abcef5a1d55fdf3b3e163104bb4cc8d634094b1c
- SHA256
  
  05de89c7568e56789746623d5dcd674308390095a07758438a2e3132090fce2d
- SHA512
  
  1926377d77fcfb11a8a83cd49323f06cb535f956e675f3d7719dbbf6ec3576985079225335fd230630298ea2a563d09b22cecd1b7223cf35891c3546628094a8
- SSDEEP
  
  12288:cUDAdUS9kJ8lGy+bJH0QZ/z/QXmu2j6JwPJ8cdBDx3bpMwQc:cO0USVHKqXmHoiBN3Kw5
Score

10^/10

modiloader discovery execution persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Creates new service(s)
  persistence execution
- Deletes itself
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Network Share Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryexecutionpersistencetrojanupx

behavioral2

modiloaderdiscoveryexecutionpersistencetrojanupx

© 2018-2025

Terms | Privacy