modiloader | 26ab6e684b0b3f307be582bf135619ba278bc92c15dc1bf236ee21fdc82e25a8 | Triage

Submit
Reports

Overview

overview

Static

static

1c7f50c5e4...18.exe

windows7-x64

1c7f50c5e4...18.exe

windows10-2004-x64

Sharing

General

Target

1c7f50c5e44313e78f6bc2e18de2f4c6_JaffaCakes118
Size

38KB
Sample

240701-zxsgtazbrd
MD5

1c7f50c5e44313e78f6bc2e18de2f4c6
SHA1

cd2f34c415b92f1a928f27beb392f54ee617da88
SHA256

26ab6e684b0b3f307be582bf135619ba278bc92c15dc1bf236ee21fdc82e25a8
SHA512

3bf6d41a26b4a675bbeb10d4d8a5971fbc4028714585e921f63ebd40226901e4d1ebefd66c57bcbcdf62d7008ff44a1dcbb6fddce1d562743bf97190e9b7475c
SSDEEP

768:eBycquQyb2sZvFUK0aMczvPlMn0K9HXML4Q/Kbe7mh3:7cquQGdU6Mczu0KHXtAmB

Score

10^/10

modiloader persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1c7f50c5e44313e78f6bc2e18de2f4c6_JaffaCakes118.exe

Resource

win7-20240220-en

modiloader persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c7f50c5e44313e78f6bc2e18de2f4c6_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c7f50c5e44313e78f6bc2e18de2f4c6_JaffaCakes118
- Size
  
  38KB
- MD5
  
  1c7f50c5e44313e78f6bc2e18de2f4c6
- SHA1
  
  cd2f34c415b92f1a928f27beb392f54ee617da88
- SHA256
  
  26ab6e684b0b3f307be582bf135619ba278bc92c15dc1bf236ee21fdc82e25a8
- SHA512
  
  3bf6d41a26b4a675bbeb10d4d8a5971fbc4028714585e921f63ebd40226901e4d1ebefd66c57bcbcdf62d7008ff44a1dcbb6fddce1d562743bf97190e9b7475c
- SSDEEP
  
  768:eBycquQyb2sZvFUK0aMczvPlMn0K9HXML4Q/Kbe7mh3:7cquQGdU6Mczu0KHXtAmB
Score

10^/10

modiloader persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

modiloaderpersistencetrojan

© 2018-2024

Terms | Privacy