modiloader | 351be00614526c5dee37a1b157a124453be177b496039e461451e4eff475934a | Triage

Submit
Reports

Overview

overview

Static

static

3

1b740553ee...18.exe

windows7-x64

1b740553ee...18.exe

windows10-2004-x64

Sharing

General

Target

1b740553ee4a960dd2c557a7447225a1_JaffaCakes118
Size

379KB
Sample

240701-qla9qaxckr
MD5

1b740553ee4a960dd2c557a7447225a1
SHA1

2e4a9ea89a0434fa75ac25fc02a22597ff6f4ba9
SHA256

351be00614526c5dee37a1b157a124453be177b496039e461451e4eff475934a
SHA512

1b0727ee1a27ae1ee60c4b349354af49b0ad1480b335299e4eb599f1421841c7b478d7f1938da2a368c5ffff2fc91e1fd658c561ccfbc57ffa6f48e4b9d9385f
SSDEEP

6144:sefy8pQP0VuwLQ4sf0BDlirMDGgo5R7+s4E/wXDaCgRiFb4TUvBIBOXDAbzF:hyIQkY4s89lirMigi1N4VaCgAFbWUv6N

Score

10^/10

modiloader persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b740553ee4a960dd2c557a7447225a1_JaffaCakes118.exe

Resource

win7-20231129-en

modiloader persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b740553ee4a960dd2c557a7447225a1_JaffaCakes118.exe

Resource

win10v2004-20240508-en

modiloader persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1b740553ee4a960dd2c557a7447225a1_JaffaCakes118
- Size
  
  379KB
- MD5
  
  1b740553ee4a960dd2c557a7447225a1
- SHA1
  
  2e4a9ea89a0434fa75ac25fc02a22597ff6f4ba9
- SHA256
  
  351be00614526c5dee37a1b157a124453be177b496039e461451e4eff475934a
- SHA512
  
  1b0727ee1a27ae1ee60c4b349354af49b0ad1480b335299e4eb599f1421841c7b478d7f1938da2a368c5ffff2fc91e1fd658c561ccfbc57ffa6f48e4b9d9385f
- SSDEEP
  
  6144:sefy8pQP0VuwLQ4sf0BDlirMDGgo5R7+s4E/wXDaCgRiFb4TUvBIBOXDAbzF:hyIQkY4s89lirMigi1N4VaCgAFbWUv6N
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy