modiloader | 836087923a0db9c86a26cb7ce157eb714dea1cfc4fe9aaa48be778d80639c665 | Triage

Submit
Reports

Overview

overview

Static

static

3

1cf73dd6ce...18.exe

windows7-x64

1cf73dd6ce...18.exe

windows10-2004-x64

Sharing

General

Target

1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118
Size

584KB
Sample

240701-3pr3vsxdja
MD5

1cf73dd6ce0f4ac9e3494f66cfa550ce
SHA1

a2efbd237ee6f207fd92daef87ba4f95f5de1939
SHA256

836087923a0db9c86a26cb7ce157eb714dea1cfc4fe9aaa48be778d80639c665
SHA512

81de1cd7b2880c895ef10ae7372bea05fa5359375b8169c2bda09fa4c6d835823baaf546e2e940d595d41b0f11e7817103fc45a8213fd827e070b9d39f1eee6d
SSDEEP

12288:UuhA434w39sb+nLkmTJMLMF3Z4mxx5pMKFeESdApmsFZB4r:UKAsd39sb+L4MQmXVVHWr

Score

10^/10

modiloader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118.exe

Resource

win7-20240611-en

modiloader trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118.exe

Resource

win10v2004-20240226-en

modiloader trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1cf73dd6ce0f4ac9e3494f66cfa550ce_JaffaCakes118
- Size
  
  584KB
- MD5
  
  1cf73dd6ce0f4ac9e3494f66cfa550ce
- SHA1
  
  a2efbd237ee6f207fd92daef87ba4f95f5de1939
- SHA256
  
  836087923a0db9c86a26cb7ce157eb714dea1cfc4fe9aaa48be778d80639c665
- SHA512
  
  81de1cd7b2880c895ef10ae7372bea05fa5359375b8169c2bda09fa4c6d835823baaf546e2e940d595d41b0f11e7817103fc45a8213fd827e070b9d39f1eee6d
- SSDEEP
  
  12288:UuhA434w39sb+nLkmTJMLMF3Z4mxx5pMKFeESdApmsFZB4r:UKAsd39sb+L4MQmXVVHWr
Score

10^/10

modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy