modiloader | 5b7ec1fb9370aa03341d9038a277b91f59397d82653c6a86196ef0bb8f27385c | Triage

Submit
Reports

Overview

overview

Static

static

3

1a07df94b1...18.exe

windows7-x64

1a07df94b1...18.exe

windows10-2004-x64

Sharing

General

Target

1a07df94b15350a6f819781c0a8ea4ad_JaffaCakes118
Size

682KB
Sample

240628-n5qgmsybkb
MD5

1a07df94b15350a6f819781c0a8ea4ad
SHA1

66a5a27c556c4fc96abbb6875e26803a2ac19941
SHA256

5b7ec1fb9370aa03341d9038a277b91f59397d82653c6a86196ef0bb8f27385c
SHA512

d6096c051c0cb66f31761a5294bee47356bc6e0b629edf4aeef952e898861ba24322d9eb1f34935ca8b74496910fd180d082516e38d5c7cfaabb000f8cc4e6f1
SSDEEP

12288:givphvb0GylW733zig49ICSoQqMe82FANisxF3Z4mxxxDqVTVOC+:giHAGUyPaIrWMe82WdQmX4VTz+

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a07df94b15350a6f819781c0a8ea4ad_JaffaCakes118.exe

Resource

win7-20240508-en

modiloader persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a07df94b15350a6f819781c0a8ea4ad_JaffaCakes118.exe

Resource

win10v2004-20240508-en

modiloader persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a07df94b15350a6f819781c0a8ea4ad_JaffaCakes118
- Size
  
  682KB
- MD5
  
  1a07df94b15350a6f819781c0a8ea4ad
- SHA1
  
  66a5a27c556c4fc96abbb6875e26803a2ac19941
- SHA256
  
  5b7ec1fb9370aa03341d9038a277b91f59397d82653c6a86196ef0bb8f27385c
- SHA512
  
  d6096c051c0cb66f31761a5294bee47356bc6e0b629edf4aeef952e898861ba24322d9eb1f34935ca8b74496910fd180d082516e38d5c7cfaabb000f8cc4e6f1
- SSDEEP
  
  12288:givphvb0GylW733zig49ICSoQqMe82FANisxF3Z4mxxxDqVTVOC+:giHAGUyPaIrWMe82WdQmX4VTz+
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy