modiloader | 714197487ba558ade3afd4d25cf4db3c4aee69debe45c181fbbfc5b46aa3b934 | Triage

Submit
Reports

Overview

overview

Static

static

3

1e261f8eb8...18.exe

windows7-x64

1e261f8eb8...18.exe

windows10-2004-x64

Sharing

General

Target

1e261f8eb8adfcc98a2e932200bbb267_JaffaCakes118
Size

136KB
Sample

240702-f6vtraxhrb
MD5

1e261f8eb8adfcc98a2e932200bbb267
SHA1

cb4a8db355c8d337d12cfdc59104d0a27a986537
SHA256

714197487ba558ade3afd4d25cf4db3c4aee69debe45c181fbbfc5b46aa3b934
SHA512

586d0b6c5f164acf38b86450839306f3ff698781eda1791d7ccaba9c6b35ae347d4f873d637a8239452e30ba59e6718fb18487d356ca9689a86eac993eb333ed
SSDEEP

3072:M3JlTHTTmObj0TrnFt9c4wsdMhuEkGZN0Gk5ADDI7eG+:OJ1Tmk011wsqkGZN0XADD2+

Score

10^/10

modiloader evasion trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e261f8eb8adfcc98a2e932200bbb267_JaffaCakes118.exe

Resource

win7-20240508-en

modiloader evasion trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e261f8eb8adfcc98a2e932200bbb267_JaffaCakes118.exe

Resource

win10v2004-20240611-en

modiloader evasion trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1e261f8eb8adfcc98a2e932200bbb267_JaffaCakes118
- Size
  
  136KB
- MD5
  
  1e261f8eb8adfcc98a2e932200bbb267
- SHA1
  
  cb4a8db355c8d337d12cfdc59104d0a27a986537
- SHA256
  
  714197487ba558ade3afd4d25cf4db3c4aee69debe45c181fbbfc5b46aa3b934
- SHA512
  
  586d0b6c5f164acf38b86450839306f3ff698781eda1791d7ccaba9c6b35ae347d4f873d637a8239452e30ba59e6718fb18487d356ca9689a86eac993eb333ed
- SSDEEP
  
  3072:M3JlTHTTmObj0TrnFt9c4wsdMhuEkGZN0Gk5ADDI7eG+:OJ1Tmk011wsqkGZN0XADD2+
Score

10^/10

modiloader evasion trojan upx
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderevasiontrojanupx

behavioral2

modiloaderevasiontrojanupx

© 2018-2024

Terms | Privacy