modiloader | 08e2899d799d4b103ce73143d8d0cac5803d5a9bd8d75d35624de0a5278df15d | Triage

Submit
Reports

Overview

overview

Static

static

3

25f7a060be...18.exe

windows7-x64

25f7a060be...18.exe

windows10-2004-x64

1

Sharing

General

Target

25f7a060beeec7a5b952788465db3e8c_JaffaCakes118
Size

1.6MB
Sample

240704-x28ngsvbnp
MD5

25f7a060beeec7a5b952788465db3e8c
SHA1

616cb6087c9c11107a82d1cdd6d403c3c9cffd18
SHA256

08e2899d799d4b103ce73143d8d0cac5803d5a9bd8d75d35624de0a5278df15d
SHA512

af9d8834e181cd14a44f4a109d9036fa6d70953e0c987a478634c632783d1b63888116c846d3d25f9b087e7ea45a4ee3ecd5d69686a55bd630c85b3c00379301
SSDEEP

49152:0wmG94hUbREXnDKK7XxIx9P0FUhA6lpUKw:XFYUbeXnGK7X0TZw

Score

10^/10

modiloader evasion persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

25f7a060beeec7a5b952788465db3e8c_JaffaCakes118.exe

Resource

win7-20231129-en

modiloader evasion persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

25f7a060beeec7a5b952788465db3e8c_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  25f7a060beeec7a5b952788465db3e8c_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  25f7a060beeec7a5b952788465db3e8c
- SHA1
  
  616cb6087c9c11107a82d1cdd6d403c3c9cffd18
- SHA256
  
  08e2899d799d4b103ce73143d8d0cac5803d5a9bd8d75d35624de0a5278df15d
- SHA512
  
  af9d8834e181cd14a44f4a109d9036fa6d70953e0c987a478634c632783d1b63888116c846d3d25f9b087e7ea45a4ee3ecd5d69686a55bd630c85b3c00379301
- SSDEEP
  
  49152:0wmG94hUbREXnDKK7XxIx9P0FUhA6lpUKw:XFYUbeXnGK7X0TZw
Score

10^/10

modiloader evasion persistence trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- ModiLoader Second Stage
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

modiloaderevasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy