modiloader | 75faf0f399d54ca80a73cdf19668db270044b2f0397e8236de3064bc7d81c5aa | Triage

Submit
Reports

Overview

overview

Static

static

7

1bb53a0474...18.exe

windows7-x64

1bb53a0474...18.exe

windows10-2004-x64

Sharing

General

Target

1bb53a0474ca84455096ced24df6e27e_JaffaCakes118
Size

395KB
Sample

240701-r58j1axcle
MD5

1bb53a0474ca84455096ced24df6e27e
SHA1

39d6ba87aa3ddda458422054d0ada4a0b05c7156
SHA256

75faf0f399d54ca80a73cdf19668db270044b2f0397e8236de3064bc7d81c5aa
SHA512

092ae628a13925220c85e395a0d9dc56197478e156fb52a80babeccc3e369d18cb6377bf49fced35d6a4d8daef16748077bc852e7ae241a99826f3ba7116a722
SSDEEP

6144:TCBljPlNn6RVwHsA6nIRmxy9XZj6Lv0BUwuLNYafwsU3yylogJCcmFsluASMw2K1:GB5Pr6MFBXsQBUws+WU3dlo4CcmGXKe

Score

10^/10

modiloader persistence trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1bb53a0474ca84455096ced24df6e27e_JaffaCakes118.exe

Resource

win7-20240221-en

modiloader persistence trojan vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1bb53a0474ca84455096ced24df6e27e_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader persistence trojan vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1bb53a0474ca84455096ced24df6e27e_JaffaCakes118
- Size
  
  395KB
- MD5
  
  1bb53a0474ca84455096ced24df6e27e
- SHA1
  
  39d6ba87aa3ddda458422054d0ada4a0b05c7156
- SHA256
  
  75faf0f399d54ca80a73cdf19668db270044b2f0397e8236de3064bc7d81c5aa
- SHA512
  
  092ae628a13925220c85e395a0d9dc56197478e156fb52a80babeccc3e369d18cb6377bf49fced35d6a4d8daef16748077bc852e7ae241a99826f3ba7116a722
- SSDEEP
  
  6144:TCBljPlNn6RVwHsA6nIRmxy9XZj6Lv0BUwuLNYafwsU3yylogJCcmFsluASMw2K1:GB5Pr6MFBXsQBUws+WU3dlo4CcmGXKe
Score

10^/10

modiloader persistence trojan vmprotect
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojanvmprotect

behavioral2

modiloaderpersistencetrojanvmprotect

© 2018-2024

Terms | Privacy