modiloader | b0a561b7d680607d0b08c522e0e45af49aff4389d078f819b4e33a43db586f7f | Triage

Submit
Reports

Overview

overview

Static

static

3

ec0f0f03dc...18.exe

windows7-x64

ec0f0f03dc...18.exe

windows10-2004-x64

Sharing

General

Target

ec0f0f03dc4b924cf98be8a2b442ffc4_JaffaCakes118
Size

785KB
Sample

241213-scrw8asjbs
MD5

ec0f0f03dc4b924cf98be8a2b442ffc4
SHA1

3897d2869f1c5e5e63e5a8db2694b31b7cec653a
SHA256

b0a561b7d680607d0b08c522e0e45af49aff4389d078f819b4e33a43db586f7f
SHA512

10b761e492add4cecd667a3f5944c40d25e19b21ee41924b30f0f27db07c6aeed12add1e891c712fca8659bfb3f94ddb1e377e0f19dbbc46b8e880cd22cd1280
SSDEEP

12288:r+/KiqEaOtfFFjSkxmGlICB54FhVtu/zkHQP8daKBF3Z4mxxJyOjhdIVjG/:CrFayFFWUhuCG0QwU0KBQmXxdSU/

Score

10^/10

modiloader discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ec0f0f03dc4b924cf98be8a2b442ffc4_JaffaCakes118.exe

Resource

win7-20241010-en

modiloader discovery trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec0f0f03dc4b924cf98be8a2b442ffc4_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec0f0f03dc4b924cf98be8a2b442ffc4_JaffaCakes118
- Size
  
  785KB
- MD5
  
  ec0f0f03dc4b924cf98be8a2b442ffc4
- SHA1
  
  3897d2869f1c5e5e63e5a8db2694b31b7cec653a
- SHA256
  
  b0a561b7d680607d0b08c522e0e45af49aff4389d078f819b4e33a43db586f7f
- SHA512
  
  10b761e492add4cecd667a3f5944c40d25e19b21ee41924b30f0f27db07c6aeed12add1e891c712fca8659bfb3f94ddb1e377e0f19dbbc46b8e880cd22cd1280
- SSDEEP
  
  12288:r+/KiqEaOtfFFjSkxmGlICB54FhVtu/zkHQP8daKBF3Z4mxxJyOjhdIVjG/:CrFayFFWUhuCG0QwU0KBQmXxdSU/
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy