modiloader | ec86a8cd7e2305d09792297115d080699ecddf8c080e916d6b1dbe06e1a6cd54 | Triage

Submit
Reports

Overview

overview

Static

static

7

1643417327...18.exe

windows7-x64

1643417327...18.exe

windows10-2004-x64

1

Sharing

General

Target

16434173272d0fd623cedc921d936a46_JaffaCakes118
Size

1.3MB
Sample

240627-rbwy4sxarl
MD5

16434173272d0fd623cedc921d936a46
SHA1

5f2320049e1f0fc4b9527e74e0df7afdc9ca32ee
SHA256

ec86a8cd7e2305d09792297115d080699ecddf8c080e916d6b1dbe06e1a6cd54
SHA512

da3fb6e7ef8eea6cbbb73ce6f4a11c2c9ace0ab85292bcf542908dc7b4748fae88e09d6685352e5ac5f6cf11a4fe66d48b638c00559c0ab7cda97b901fe84d1a
SSDEEP

24576:kJfF2OuAfeCGStKypZzIn/UdRC0d49N/MP80yDDyqZqej0EukVd5:kLnxgAuninQZMJyyoh0Ezd

Score

10^/10

modiloader evasion persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

16434173272d0fd623cedc921d936a46_JaffaCakes118.exe

Resource

win7-20240611-en

modiloader evasion persistence themida trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

16434173272d0fd623cedc921d936a46_JaffaCakes118.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  16434173272d0fd623cedc921d936a46_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  16434173272d0fd623cedc921d936a46
- SHA1
  
  5f2320049e1f0fc4b9527e74e0df7afdc9ca32ee
- SHA256
  
  ec86a8cd7e2305d09792297115d080699ecddf8c080e916d6b1dbe06e1a6cd54
- SHA512
  
  da3fb6e7ef8eea6cbbb73ce6f4a11c2c9ace0ab85292bcf542908dc7b4748fae88e09d6685352e5ac5f6cf11a4fe66d48b638c00559c0ab7cda97b901fe84d1a
- SSDEEP
  
  24576:kJfF2OuAfeCGStKypZzIn/UdRC0d49N/MP80yDDyqZqej0EukVd5:kLnxgAuninQZMJyyoh0Ezd
Score

10^/10

modiloader evasion persistence themida trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderevasionpersistencethemidatrojan

behavioral2

© 2018-2024

Terms | Privacy