modiloader | b5c96d6f5d3cf75e91f7b43166b86042b8951b75d5a9f3cd9642abee38776376 | Triage

Submit
Reports

Overview

overview

Static

static

3

fa81051829...18.exe

windows7-x64

fa81051829...18.exe

windows10-2004-x64

Sharing

General

Target

fa81051829a3d385d98e67238af2565a_JaffaCakes118
Size

174KB
Sample

241218-hhpc6sxpew
MD5

fa81051829a3d385d98e67238af2565a
SHA1

341a494d1a82f9c6965c456495ff0c7429b8353d
SHA256

b5c96d6f5d3cf75e91f7b43166b86042b8951b75d5a9f3cd9642abee38776376
SHA512

8cf6daefe0326bdf920292883881d897d8cd6f92b8408793641713590058e1b06b9926d15cecdd8ea819932cd502ef938a3f119c8092cb8ba86938fd4333b1b0
SSDEEP

3072:T1Y/WrL2R2eR3qKmZCDO9r37AuIId0xtsH9wTrw/rOFoIC3Trw/rOFoICc:pY/Wr42eVq7Zn7HbnKTU/rMoJTU/rMoq

Score

10^/10

modiloader discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fa81051829a3d385d98e67238af2565a_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa81051829a3d385d98e67238af2565a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa81051829a3d385d98e67238af2565a_JaffaCakes118
- Size
  
  174KB
- MD5
  
  fa81051829a3d385d98e67238af2565a
- SHA1
  
  341a494d1a82f9c6965c456495ff0c7429b8353d
- SHA256
  
  b5c96d6f5d3cf75e91f7b43166b86042b8951b75d5a9f3cd9642abee38776376
- SHA512
  
  8cf6daefe0326bdf920292883881d897d8cd6f92b8408793641713590058e1b06b9926d15cecdd8ea819932cd502ef938a3f119c8092cb8ba86938fd4333b1b0
- SSDEEP
  
  3072:T1Y/WrL2R2eR3qKmZCDO9r37AuIId0xtsH9wTrw/rOFoIC3Trw/rOFoICc:pY/Wr42eVq7Zn7HbnKTU/rMoJTU/rMoq
Score

10^/10

modiloader discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverytrojan

behavioral2

modiloaderdiscoverytrojan

© 2018-2025

Terms | Privacy