modiloader | 64e9a2c3997b14ca24353ab4fc1c3da5816d64727ac1b1043d50e7320ae613aa

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16/01/2025, 07:49

Target

JaffaCakes118_6fb5cbb27fd187a60bcbca42bd221a5a.exe
Size

1.1MB
MD5

6fb5cbb27fd187a60bcbca42bd221a5a
SHA1

74e51a2ad61959482fc51e0ea8f386f154a264c4
SHA256

64e9a2c3997b14ca24353ab4fc1c3da5816d64727ac1b1043d50e7320ae613aa
SHA512

d2e78e5868f298a750b0136148d8d589af9ba49c177cea2c8792c2d9790cb26b4a581cd7b6eabdf10d2de450d0fb1014fef8b474ff1d7bad070c0bb3691ffc94
SSDEEP

24576:I+atOPKlGiEICoecb8L2TTPtTYnPRYeTZdHWnpnxAXZmt8:IibD/Me2T5TiRYWHE1mIe

Score

10^/10

modiloader trojan

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Modiloader family
modiloader

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x000000000051CC90-memory.dmp	modiloader_stage2

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6fb5cbb27fd187a60bcbca42bd221a5a.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6fb5cbb27fd187a60bcbca42bd221a5a.exe"
1⤵
PID:2204

memory/2204-0-0x0000000000400000-0x000000000051CC90-memory.dmp

Filesize
1.1MB

Download