modiloader | e0c76d73ac0fb784a55eaf6f76816428c2a4440ad27f5fdc2b788b2dd36d519b | Triage

Submit
Reports

Overview

overview

Static

static

5

e821781722...18.exe

windows7-x64

e821781722...18.exe

windows10-2004-x64

Sharing

General

Target

e8217817224533f2fe0e71a3ad048f3d_JaffaCakes118
Size

193KB
Sample

241212-y72b2aylcr
MD5

e8217817224533f2fe0e71a3ad048f3d
SHA1

1fdcdc6019953fa76811bbaf0af2d313ba3066fa
SHA256

e0c76d73ac0fb784a55eaf6f76816428c2a4440ad27f5fdc2b788b2dd36d519b
SHA512

18c63b8107cebbe983a22d7cca3e9c41c05323ea7028f377bbf2288fc1f960a9a84c96cd48d5fedda5eb7a032ab052c20d266548546b2a753eb1197e5ae54d75
SSDEEP

3072:C1+MJKrUnFYY5z1i0Nmbi5fJBNsFV+7out45Lm:CIrPj0NmWtNs7+7oS45

Score

10^/10

modiloader discovery evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e8217817224533f2fe0e71a3ad048f3d_JaffaCakes118.exe

Resource

win7-20241023-en

modiloader discovery evasion persistence trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

e8217817224533f2fe0e71a3ad048f3d_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery evasion persistence trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  e8217817224533f2fe0e71a3ad048f3d_JaffaCakes118
- Size
  
  193KB
- MD5
  
  e8217817224533f2fe0e71a3ad048f3d
- SHA1
  
  1fdcdc6019953fa76811bbaf0af2d313ba3066fa
- SHA256
  
  e0c76d73ac0fb784a55eaf6f76816428c2a4440ad27f5fdc2b788b2dd36d519b
- SHA512
  
  18c63b8107cebbe983a22d7cca3e9c41c05323ea7028f377bbf2288fc1f960a9a84c96cd48d5fedda5eb7a032ab052c20d266548546b2a753eb1197e5ae54d75
- SSDEEP
  
  3072:C1+MJKrUnFYY5z1i0Nmbi5fJBNsFV+7out45Lm:CIrPj0NmWtNs7+7oS45
Score

10^/10

modiloader discovery evasion persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasionpersistencetrojanupx

behavioral2

modiloaderdiscoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy