modiloader | 4b89a52186085a9be48466e83892f41134739688f1575ef28cb2a01a98dc071a | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...94.exe

windows7-x64

JaffaCakes...94.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_2fc84ea98f7f52999dc86b8c0fe39794
Size

650KB
Sample

250113-1ljk7syka1
MD5

2fc84ea98f7f52999dc86b8c0fe39794
SHA1

13d203f95c29fafceed414bc7cd9dd3f822f824f
SHA256

4b89a52186085a9be48466e83892f41134739688f1575ef28cb2a01a98dc071a
SHA512

fa3f2ccb20dacf6674f1699c0c055594c83cb5c95cff667a3ddc7e0a94f4381c957a73c2dc34cac940c5a45bdcbda1d2044cfd5234f1373e1e3f522ad88b9cd0
SSDEEP

12288:GpXNBbDvAOb7e7yJLqDWQcTxrXbuutkv/FV9bOI4:QbDn7e2JLPQctDbztkvNbOI4

Score

10^/10

modiloader discovery persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_2fc84ea98f7f52999dc86b8c0fe39794.exe

Resource

win7-20240903-en

modiloader discovery persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_2fc84ea98f7f52999dc86b8c0fe39794.exe

Resource

win10v2004-20241007-en

modiloader discovery persistence trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_2fc84ea98f7f52999dc86b8c0fe39794
- Size
  
  650KB
- MD5
  
  2fc84ea98f7f52999dc86b8c0fe39794
- SHA1
  
  13d203f95c29fafceed414bc7cd9dd3f822f824f
- SHA256
  
  4b89a52186085a9be48466e83892f41134739688f1575ef28cb2a01a98dc071a
- SHA512
  
  fa3f2ccb20dacf6674f1699c0c055594c83cb5c95cff667a3ddc7e0a94f4381c957a73c2dc34cac940c5a45bdcbda1d2044cfd5234f1373e1e3f522ad88b9cd0
- SSDEEP
  
  12288:GpXNBbDvAOb7e7yJLqDWQcTxrXbuutkv/FV9bOI4:QbDn7e2JLPQctDbztkvNbOI4
Score

10^/10

modiloader discovery persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdiscoverypersistencetrojan

behavioral2

modiloaderdiscoverypersistencetrojan

© 2018-2025

Terms | Privacy