modiloader | ad4abfbca1ca9ba80feaeafa93ec43a856a21f40c06b0f1d97471870cd578083 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...5a.exe

windows7-x64

JaffaCakes...5a.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_041b9837d183906ee7d87f18e57c925a
Size

191KB
Sample

250121-m5frrszpbw
MD5

041b9837d183906ee7d87f18e57c925a
SHA1

515ed905ef5897b0e1d41fab73d2aef9c860335a
SHA256

ad4abfbca1ca9ba80feaeafa93ec43a856a21f40c06b0f1d97471870cd578083
SHA512

f932fbd474c725cbba3d945bd1558bb53c2cbc0ffd3ba855d54041655f22f1989aa52bd14d85361485cd0c21a707ca51842b59daf2ffc615f718c7cef3ba32c8
SSDEEP

3072:u79gVnGBsDkBLisGnBvfYyQHPzoKuyuBFlpzKjngjcukDVyqjWTBJ9Qe4p9OARM5:WgVGBskB2sGBnDMzInzKzgYuYjKBJWe9

Score

10^/10

modiloader defense_evasion discovery persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_041b9837d183906ee7d87f18e57c925a.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery persistence trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_041b9837d183906ee7d87f18e57c925a.exe

Resource

win10v2004-20241007-en

modiloader defense_evasion discovery persistence trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_041b9837d183906ee7d87f18e57c925a
- Size
  
  191KB
- MD5
  
  041b9837d183906ee7d87f18e57c925a
- SHA1
  
  515ed905ef5897b0e1d41fab73d2aef9c860335a
- SHA256
  
  ad4abfbca1ca9ba80feaeafa93ec43a856a21f40c06b0f1d97471870cd578083
- SHA512
  
  f932fbd474c725cbba3d945bd1558bb53c2cbc0ffd3ba855d54041655f22f1989aa52bd14d85361485cd0c21a707ca51842b59daf2ffc615f718c7cef3ba32c8
- SSDEEP
  
  3072:u79gVnGBsDkBLisGnBvfYyQHPzoKuyuBFlpzKjngjcukDVyqjWTBJ9Qe4p9OARM5:WgVGBskB2sGBnDMzInzKzgYuYjKBJWe9
Score

10^/10

modiloader defense_evasion discovery persistence trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverypersistencetrojanupx

behavioral2

modiloaderdefense_evasiondiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy