modiloader | d7c6d8cc6dbe2fb4072756b4c58427303ad62e044e2b9142fdcd3f2dac61f31d | Triage

Submit
Reports

Overview

overview

Static

static

3

fa4a3f11a4...18.exe

windows7-x64

fa4a3f11a4...18.exe

windows10-2004-x64

Sharing

General

Target

fa4a3f11a4f6dec0995b6d08692a175f_JaffaCakes118
Size

365KB
Sample

241218-f7j4msvpbw
MD5

fa4a3f11a4f6dec0995b6d08692a175f
SHA1

61a13d2666b99c623976d5dede5a8cbbedc88059
SHA256

d7c6d8cc6dbe2fb4072756b4c58427303ad62e044e2b9142fdcd3f2dac61f31d
SHA512

311c31a70a52899ce9225ea9a4ef475126dc2becfab3be87e3711e163578e9dceb6cd5466f8553165fe9a59281b0fd464814e601b4616dc6b9a6be7aa26ac4b7
SSDEEP

6144:B/0uoDXyB5M+4MMLJI0IcaVY8ijYMi9rWYKQc8OA8FNuw/g4Pwkn5vjOL:BJgip4nK1pHiYHhKQSZJ1Pwkn5vjk

Score

10^/10

modiloader discovery persistence trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa4a3f11a4f6dec0995b6d08692a175f_JaffaCakes118.exe

Resource

win7-20240729-en

modiloader discovery persistence trojan vmprotect

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa4a3f11a4f6dec0995b6d08692a175f_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan vmprotect

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa4a3f11a4f6dec0995b6d08692a175f_JaffaCakes118
- Size
  
  365KB
- MD5
  
  fa4a3f11a4f6dec0995b6d08692a175f
- SHA1
  
  61a13d2666b99c623976d5dede5a8cbbedc88059
- SHA256
  
  d7c6d8cc6dbe2fb4072756b4c58427303ad62e044e2b9142fdcd3f2dac61f31d
- SHA512
  
  311c31a70a52899ce9225ea9a4ef475126dc2becfab3be87e3711e163578e9dceb6cd5466f8553165fe9a59281b0fd464814e601b4616dc6b9a6be7aa26ac4b7
- SSDEEP
  
  6144:B/0uoDXyB5M+4MMLJI0IcaVY8ijYMi9rWYKQc8OA8FNuw/g4Pwkn5vjOL:BJgip4nK1pHiYHhKQSZJ1Pwkn5vjk
Score

10^/10

modiloader discovery persistence trojan vmprotect
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojanvmprotect

behavioral2

modiloaderdiscoverypersistencetrojanvmprotect

© 2018-2024

Terms | Privacy