modiloader | 28c93ea949a20acdd994bee18d49b3ba06d4de65c267c118d1bb4b6fa426fe88 | Triage

Submit
Reports

Overview

overview

Static

static

3

17998d24af...18.exe

windows7-x64

17998d24af...18.exe

windows10-2004-x64

Sharing

General

Target

17998d24af97abd9c3be708782a2bbc7_JaffaCakes118
Size

709KB
Sample

240627-1ctd2ssbjb
MD5

17998d24af97abd9c3be708782a2bbc7
SHA1

42fa7d132fec95e079531a3c2125f9802dc91bab
SHA256

28c93ea949a20acdd994bee18d49b3ba06d4de65c267c118d1bb4b6fa426fe88
SHA512

c79ed098462649163879b0301362d96ff868a043bc197a1ed2c54d34a8883de743ab56f4d9debb80fcd14f272d93c7c214c08cc9efad53aed6cf779ce023a54d
SSDEEP

12288:IuVPp3it+wX+jrslZO0bO8d/8+JaeCzF3Z4mxxexyIypeJiLbfjtWLI:HAZrbli+JSQmXK1Qf5

Score

10^/10

modiloader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

17998d24af97abd9c3be708782a2bbc7_JaffaCakes118.exe

Resource

win7-20240611-en

modiloader trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

17998d24af97abd9c3be708782a2bbc7_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  17998d24af97abd9c3be708782a2bbc7_JaffaCakes118
- Size
  
  709KB
- MD5
  
  17998d24af97abd9c3be708782a2bbc7
- SHA1
  
  42fa7d132fec95e079531a3c2125f9802dc91bab
- SHA256
  
  28c93ea949a20acdd994bee18d49b3ba06d4de65c267c118d1bb4b6fa426fe88
- SHA512
  
  c79ed098462649163879b0301362d96ff868a043bc197a1ed2c54d34a8883de743ab56f4d9debb80fcd14f272d93c7c214c08cc9efad53aed6cf779ce023a54d
- SSDEEP
  
  12288:IuVPp3it+wX+jrslZO0bO8d/8+JaeCzF3Z4mxxexyIypeJiLbfjtWLI:HAZrbli+JSQmXK1Qf5
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy