modiloader | 7f7af3d03481bb68e11a68e958ce6d8e96701a053eaa458e7010a4a85643cad3

General

Target

aa4b9c043e923952fee38447b9dd0b43
Size

690KB
Sample

210805-58g1wyk8z2
MD5

aa4b9c043e923952fee38447b9dd0b43
SHA1

14b12aeacdd0ae6ba8e1215c192f513c29bfef6f
SHA256

7f7af3d03481bb68e11a68e958ce6d8e96701a053eaa458e7010a4a85643cad3
SHA512

eb0e81bb8f107fdc91a35f9c65d42ef3c57356c6adb62e62b53828984c81f593f301e8f2650c0efe2077346ece9afa00171f0136b6b1981acfa83dc02b8e1c73

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

6mam

C2

http://www.mobiessence.com/6mam/

Decoy

gxduoke.com

lawmetricssolicitors.com

e-bizbox.com

ilovemehoodie.com

marcuslafond.com

bransolute.com

kuppers.info

kykyryky.art

vavasoo.com

tlamj.com

besport24.com

hibachiexpressnctogo.com

elglink99.com

maximos.world

uniamaa.com

aladinfarma.com

opticatervisof.com

delhibudokankarate.com

juliekifyukstyle.com

fuzhourexian.com

Targets

- Target
  
  aa4b9c043e923952fee38447b9dd0b43
- Size
  
  690KB
- MD5
  
  aa4b9c043e923952fee38447b9dd0b43
- SHA1
  
  14b12aeacdd0ae6ba8e1215c192f513c29bfef6f
- SHA256
  
  7f7af3d03481bb68e11a68e958ce6d8e96701a053eaa458e7010a4a85643cad3
- SHA512
  
  eb0e81bb8f107fdc91a35f9c65d42ef3c57356c6adb62e62b53828984c81f593f301e8f2650c0efe2077346ece9afa00171f0136b6b1981acfa83dc02b8e1c73
Score

10^/10

xloader 6mam loader persistence rat suricata modiloader trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- Xloader Payload
  rat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

suricata: ET MALWARE FormBook CnC Checkin (GET)

Xloader Payload

Adds policy Run key to start application

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2