modiloader | 1cfec89b2bfbcdd400f0cd58741a2d7a218bb2bbf2399b55833c6f4a64829883

General

Target

products order pdf.exe
Size

825KB
Sample

210331-vy85ck4swn
MD5

78b638ad61109b9327e9a3a304bf1fac
SHA1

d4abee4c7936c2a797c44d4cd579f62de172b216
SHA256

1cfec89b2bfbcdd400f0cd58741a2d7a218bb2bbf2399b55833c6f4a64829883
SHA512

fb415828b9b5db340a7b277319305b3f574a7e435e4238ab16b619dbfd812543d63b1439711863338b73160da461d8fc5a5dd20dd615d2e8a06e57e7d997dc7b

Score

10^/10

Malware Config

Extracted

Family

xloader

C2

http://www.brandonprattdrums.com/nt8e/

Decoy

cfwg123.com

gazipasadan.xyz

careogeen.com

zitatewelten.com

thecvpro.com

viltais.com

benimed.today

rogerecameron.com

courtclassesathome.com

yakin-hm.com

vidasanayprospera.com

mandirana.com

skybluebet.com

rescuedpetsarewonderful.com

solisdq.info

affiliateside.com

homewellliving.com

missteenroyaluniverse.com

bajrangproperties.com

bundleobliss.com

Targets

- Target
  
  products order pdf.exe
- Size
  
  825KB
- MD5
  
  78b638ad61109b9327e9a3a304bf1fac
- SHA1
  
  d4abee4c7936c2a797c44d4cd579f62de172b216
- SHA256
  
  1cfec89b2bfbcdd400f0cd58741a2d7a218bb2bbf2399b55833c6f4a64829883
- SHA512
  
  fb415828b9b5db340a7b277319305b3f574a7e435e4238ab16b619dbfd812543d63b1439711863338b73160da461d8fc5a5dd20dd615d2e8a06e57e7d997dc7b
Score

10^/10

xloader loader persistence rat modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

Xloader Payload

Adds policy Run key to start application

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2