modiloader | 63c849918b094cca719b2a553789ef80ec11de3f4e2aa80f004600f237b9a031 | Triage

Submit
Reports

Overview

overview

Static

static

3

f3c95dafa7...18.exe

windows7-x64

f3c95dafa7...18.exe

windows10-2004-x64

Sharing

General

Target

f3c95dafa7e26ee5fc688aed47342127_JaffaCakes118
Size

140KB
Sample

241215-nlssnavjgq
MD5

f3c95dafa7e26ee5fc688aed47342127
SHA1

e880e4b9074dd7a10db062b8af68819aaa375f87
SHA256

63c849918b094cca719b2a553789ef80ec11de3f4e2aa80f004600f237b9a031
SHA512

c91a5cb39a4797e96488a89fc6e131ee9a787b23ea6ca1fbbe4bc04c2ef332ec5ce3493114793cb729ad2c17949ee8ae3d52fa3ad0f23c1b4afcd08e428468b8
SSDEEP

3072:BXQjCdzPId6w9Fmn8kxVa9TxisP8S3xsNJHU7TS/ULUN:KGd49FmnbxVaisPb5LA

Score

10^/10

modiloader discovery evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f3c95dafa7e26ee5fc688aed47342127_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f3c95dafa7e26ee5fc688aed47342127_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery evasion trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f3c95dafa7e26ee5fc688aed47342127_JaffaCakes118
- Size
  
  140KB
- MD5
  
  f3c95dafa7e26ee5fc688aed47342127
- SHA1
  
  e880e4b9074dd7a10db062b8af68819aaa375f87
- SHA256
  
  63c849918b094cca719b2a553789ef80ec11de3f4e2aa80f004600f237b9a031
- SHA512
  
  c91a5cb39a4797e96488a89fc6e131ee9a787b23ea6ca1fbbe4bc04c2ef332ec5ce3493114793cb729ad2c17949ee8ae3d52fa3ad0f23c1b4afcd08e428468b8
- SSDEEP
  
  3072:BXQjCdzPId6w9Fmn8kxVa9TxisP8S3xsNJHU7TS/ULUN:KGd49FmnbxVaisPb5LA
Score

10^/10

modiloader discovery evasion trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasiontrojanupx

behavioral2

modiloaderdiscoveryevasiontrojanupx

© 2018-2025

Terms | Privacy