modiloader | 611ac703f76163fe8a72bbafb23b09fc1a9a8a72f1a4f6a4e87f2da19c3bac4a | Triage

Submit
Reports

Overview

overview

Static

static

3

fcdfc8ab0f...18.exe

windows7-x64

fcdfc8ab0f...18.exe

windows10-2004-x64

Sharing

General

Target

fcdfc8ab0f761a7a5231b41bcbcb9d7c_JaffaCakes118
Size

1.9MB
Sample

241218-yga26azqam
MD5

fcdfc8ab0f761a7a5231b41bcbcb9d7c
SHA1

bd1b6536f1bc169d5c9d8b7c57951d649690fc0d
SHA256

611ac703f76163fe8a72bbafb23b09fc1a9a8a72f1a4f6a4e87f2da19c3bac4a
SHA512

294a441681f568240b4fa56da653ce0e128506c98ef49381b2555b201734910191e8a94a593255e19a080f858366cd0388df937f829c3bfabb6d9709b7f3d554
SSDEEP

24576:DcaZGI6sREDijpdRdhIVk0/Co1QYv8DT3Sb/Yg8MpBwQICWTiG4WNiGpUnvxTy3b:Qat6sR1/hIVtC4QYv81MF2OnvxEQtzs

Score

10^/10

modiloader discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fcdfc8ab0f761a7a5231b41bcbcb9d7c_JaffaCakes118.exe

Resource

win7-20240903-en

modiloader discovery evasion trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcdfc8ab0f761a7a5231b41bcbcb9d7c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

modiloader discovery evasion trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fcdfc8ab0f761a7a5231b41bcbcb9d7c_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  fcdfc8ab0f761a7a5231b41bcbcb9d7c
- SHA1
  
  bd1b6536f1bc169d5c9d8b7c57951d649690fc0d
- SHA256
  
  611ac703f76163fe8a72bbafb23b09fc1a9a8a72f1a4f6a4e87f2da19c3bac4a
- SHA512
  
  294a441681f568240b4fa56da653ce0e128506c98ef49381b2555b201734910191e8a94a593255e19a080f858366cd0388df937f829c3bfabb6d9709b7f3d554
- SSDEEP
  
  24576:DcaZGI6sREDijpdRdhIVk0/Co1QYv8DT3Sb/Yg8MpBwQICWTiG4WNiGpUnvxTy3b:Qat6sR1/hIVtC4QYv81MF2OnvxEQtzs
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasiontrojan

behavioral2

modiloaderdiscoveryevasiontrojan

© 2018-2025

Terms | Privacy