modiloader | a4b1d05e514f164741feb6051c3a0f372013932a767b12e367e6ff1ec834f1f8 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...20.exe

windows7-x64

JaffaCakes...20.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_51341a902c37d78bd5222114088ed420
Size

179KB
Sample

250101-mbbkys1rh1
MD5

51341a902c37d78bd5222114088ed420
SHA1

eccb23a3798835ef3a81641ce7fbc645db624d0b
SHA256

a4b1d05e514f164741feb6051c3a0f372013932a767b12e367e6ff1ec834f1f8
SHA512

ee9750f9e695e6b153731bb0ddd0f177c42fd1d1fb74f1be0dd7ad4718d49ed1174e874ca4bc38d2fb91c3dd5db62b511194c99220701c088c46931a67a0b73b
SSDEEP

3072:XCGW/VTdrimvG9swA4bcAeDofRDbkeOQBqnOk5EIDXiAry7AJm4ri8oRM53K:3W/ysvNbAdBwOkl+xwf6

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_51341a902c37d78bd5222114088ed420.exe

Resource

win7-20241010-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_51341a902c37d78bd5222114088ed420.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_51341a902c37d78bd5222114088ed420
- Size
  
  179KB
- MD5
  
  51341a902c37d78bd5222114088ed420
- SHA1
  
  eccb23a3798835ef3a81641ce7fbc645db624d0b
- SHA256
  
  a4b1d05e514f164741feb6051c3a0f372013932a767b12e367e6ff1ec834f1f8
- SHA512
  
  ee9750f9e695e6b153731bb0ddd0f177c42fd1d1fb74f1be0dd7ad4718d49ed1174e874ca4bc38d2fb91c3dd5db62b511194c99220701c088c46931a67a0b73b
- SSDEEP
  
  3072:XCGW/VTdrimvG9swA4bcAeDofRDbkeOQBqnOk5EIDXiAry7AJm4ri8oRM53K:3W/ysvNbAdBwOkl+xwf6
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Server Software Component: Terminal Services DLL
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy