modiloader | d1e7c4ed60624519948aabf10d08a01d45b0e55b8f1bfcfb70ecdb7006eb68c1 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...76.exe

windows7-x64

JaffaCakes...76.exe

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_16a19dc0970014a4be3502a93a500c76
Size

790KB
Sample

250123-nbj3rsxqax
MD5

16a19dc0970014a4be3502a93a500c76
SHA1

b305de1d8b6dfe63e41002b42ab0adc6ea73d5f3
SHA256

d1e7c4ed60624519948aabf10d08a01d45b0e55b8f1bfcfb70ecdb7006eb68c1
SHA512

167ca62ac7a92dfb2dc6dff0f00ed20bff5002e5e8a0c322d290d7ab8a6f36ae29f30c6c42ff7ae945d5178a42cc541fd0e77f27195b88c4996820020dec21a2
SSDEEP

12288:N5zWhrhN04EGJigUzv1ucp17PcugZiKQsh4veFvplQw9VRbnPzEvW85k/SWrgVpM:NUhrHpUkuzpsOghEvxxj41

Score

10^/10

modiloader defense_evasion discovery themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_16a19dc0970014a4be3502a93a500c76.exe

Resource

win7-20240708-en

modiloader defense_evasion discovery themida trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_16a19dc0970014a4be3502a93a500c76.exe

Resource

win10v2004-20241007-en

defense_evasion discovery themida

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_16a19dc0970014a4be3502a93a500c76
- Size
  
  790KB
- MD5
  
  16a19dc0970014a4be3502a93a500c76
- SHA1
  
  b305de1d8b6dfe63e41002b42ab0adc6ea73d5f3
- SHA256
  
  d1e7c4ed60624519948aabf10d08a01d45b0e55b8f1bfcfb70ecdb7006eb68c1
- SHA512
  
  167ca62ac7a92dfb2dc6dff0f00ed20bff5002e5e8a0c322d290d7ab8a6f36ae29f30c6c42ff7ae945d5178a42cc541fd0e77f27195b88c4996820020dec21a2
- SSDEEP
  
  12288:N5zWhrhN04EGJigUzv1ucp17PcugZiKQsh4veFvplQw9VRbnPzEvW85k/SWrgVpM:NUhrHpUkuzpsOghEvxxj41
Score

10^/10

modiloader defense_evasion discovery themida trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- UAC bypass
  defense_evasion trojan
- ModiLoader Second Stage
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloaderdefense_evasiondiscoverythemidatrojan

behavioral2

defense_evasiondiscoverythemida

© 2018-2025

Terms | Privacy