modiloader | e239def3faaa37f347965c7a0f471fb937d11ea7cb65a63f6ffe587ebef28012 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...9a.exe

windows7-x64

JaffaCakes...9a.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_059620eed11fb810cbe338e3adfcd19a
Size

427KB
Sample

250121-syf2vazrcw
MD5

059620eed11fb810cbe338e3adfcd19a
SHA1

2dea7047c0213a8695665c2f01a14bc1457b70ec
SHA256

e239def3faaa37f347965c7a0f471fb937d11ea7cb65a63f6ffe587ebef28012
SHA512

70196dfe141a760a6d43cccef90df8203c19793a9f1456aad71f98608de83d13b5c1af5f8362b4dca2ef2f2ed996c8fe86322d0e1ffbf88948671ca32f0e3d3f
SSDEEP

12288:GSCC/p+/vzIhELBiJygmQhdyb1lUu3SLBN1:c8+/eEgQ6hE28S1N1

Score

10^/10

modiloader defense_evasion discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_059620eed11fb810cbe338e3adfcd19a.exe

Resource

win7-20240903-en

modiloader defense_evasion discovery trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_059620eed11fb810cbe338e3adfcd19a.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_059620eed11fb810cbe338e3adfcd19a
- Size
  
  427KB
- MD5
  
  059620eed11fb810cbe338e3adfcd19a
- SHA1
  
  2dea7047c0213a8695665c2f01a14bc1457b70ec
- SHA256
  
  e239def3faaa37f347965c7a0f471fb937d11ea7cb65a63f6ffe587ebef28012
- SHA512
  
  70196dfe141a760a6d43cccef90df8203c19793a9f1456aad71f98608de83d13b5c1af5f8362b4dca2ef2f2ed996c8fe86322d0e1ffbf88948671ca32f0e3d3f
- SSDEEP
  
  12288:GSCC/p+/vzIhELBiJygmQhdyb1lUu3SLBN1:c8+/eEgQ6hE28S1N1
Score

10^/10

modiloader defense_evasion discovery trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Checks whether UAC is enabled
  defense_evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverytrojan

behavioral2

© 2018-2025

Terms | Privacy