modiloader | 65bad03ee1cb7fb500952335e2ccd5dc20ba17885d7fb506d4145636d2e3fc3d | Triage

Submit
Reports

Overview

overview

Static

static

3

Recycled.scr

windows7-x64

Recycled.scr

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_65bad03ee1cb7fb500952335e2ccd5dc20ba17885d7fb506d4145636d2e3fc3d
Size

2.6MB
Sample

241223-rn21wssjgn
MD5

6dcfc357053cc57703a5a5b35a911cfe
SHA1

f96c31194148488f22158abc0e790b54af03dd64
SHA256

65bad03ee1cb7fb500952335e2ccd5dc20ba17885d7fb506d4145636d2e3fc3d
SHA512

eb55bc3c71b04c70f154d4b5d4fb57c4dda0efe988f67228afb267e963c50566fcdc11ce7209465631168eabcff1ec95cd1e06c50523459d6efa607a072228dd
SSDEEP

49152:5sBUoVa8L8xPC/YVwglc8k4IRZsFOu6aFQkB6K0uT3luA2x1OoMPHoVPSb:5sBC+x8HQ/pa36KlrlAK6E

Score

10^/10

modiloader discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Recycled.scr

Resource

win7-20240708-en

modiloader discovery evasion trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Recycled.scr

Resource

win10v2004-20241007-en

discovery evasion trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  Recycled.scr
- Size
  
  2.7MB
- MD5
  
  9b48981c56a3b8f6cffc0477c7543f41
- SHA1
  
  2ca465a582bfe5d3880c74bd93e8ff8db7a62c17
- SHA256
  
  28b14700d77c28f992ae6490f9736587d82b365956618e91a0a9e4bb675a1491
- SHA512
  
  837d006b4190c746a52b7cf7c66e785941a4c25dea8a2f952424d31ddd663a1a7cfbb1b278448f064859cfbf2bb0c3aaffa4cf1e2a720e30fde775221387ba17
- SSDEEP
  
  49152:Mq8baVBRf0cz64DUxOruWwxWjjUNShc3TGoVfiMX+GX6oMpS3:Mq8+VBt0kHg0lINL3aoV2GXWp
Score

10^/10

modiloader discovery evasion trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoveryevasiontrojan

behavioral2

discoveryevasiontrojan

© 2018-2024

Terms | Privacy