modiloader | dcadfd906850de7d6c5574d66fbef10485fdaa84429e7fb974f24cf0e9170a66 | Triage

Submit
Reports

Overview

overview

Static

static

3

1b68c1b281...18.exe

windows7-x64

1b68c1b281...18.exe

windows10-2004-x64

Sharing

General

Target

1b68c1b28122776e25be7d01e29aba23_JaffaCakes118
Size

449KB
Sample

240701-qbqawswgpk
MD5

1b68c1b28122776e25be7d01e29aba23
SHA1

aa865b99291d7630910ece3f956d32fec2626d85
SHA256

dcadfd906850de7d6c5574d66fbef10485fdaa84429e7fb974f24cf0e9170a66
SHA512

20f10c29a5a3ce56f4989cb946c1deb973f25a9c235f605999981cdf00c5b6d7b419b519c02bd3dee1df93513b996ba2b8ab491a3642c56f26cdfdf2dbbf35cb
SSDEEP

12288:RMAOOl1nD7UHf5Zm46GByHmYetaIEWYRB3lpov:RrXncHf5k46MYmRaTWYdpo

Score

10^/10

modiloader bootkit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b68c1b28122776e25be7d01e29aba23_JaffaCakes118.exe

Resource

win7-20240611-en

modiloader bootkit persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b68c1b28122776e25be7d01e29aba23_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1b68c1b28122776e25be7d01e29aba23_JaffaCakes118
- Size
  
  449KB
- MD5
  
  1b68c1b28122776e25be7d01e29aba23
- SHA1
  
  aa865b99291d7630910ece3f956d32fec2626d85
- SHA256
  
  dcadfd906850de7d6c5574d66fbef10485fdaa84429e7fb974f24cf0e9170a66
- SHA512
  
  20f10c29a5a3ce56f4989cb946c1deb973f25a9c235f605999981cdf00c5b6d7b419b519c02bd3dee1df93513b996ba2b8ab491a3642c56f26cdfdf2dbbf35cb
- SSDEEP
  
  12288:RMAOOl1nD7UHf5Zm46GByHmYetaIEWYRB3lpov:RrXncHf5k46MYmRaTWYdpo
Score

10^/10

modiloader bootkit persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Replication Through Removable Media

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderbootkitpersistencetrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy