modiloader | 1ab52bac5850518b5e948ea170b9d5b9f7e2aca962e4ed99d171085cdf970e19

General

Target

EXPORTER_INFORMATION_340_29464003.exe
Size

684KB
Sample

210830-fl7abvrhl2
MD5

31627e0d4263b5339a38bc7f46464543
SHA1

586fc929e8fe1de7f2593ba67c1e65404948278a
SHA256

1ab52bac5850518b5e948ea170b9d5b9f7e2aca962e4ed99d171085cdf970e19
SHA512

6b42318e1d82d9fcb2d9560e1ff50899e67fcf731be93c820fd113c1fc85bd836fe085d61489ad1846d0369bd1dd7e39c3ae484758cae80b92f345ca03869990

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

qcrn

C2

http://www.kumarsceramics.com/qcrn/

Decoy

borderlessmortgagorgroup.com

whatrheasays.com

arcadems.com

sporkmissoula.com

flowshapers.com

project-access.events

bazlist.com

bugbyspace.com

xn--jvrr42b047aqkd.com

nathangray.info

kaaikarikadai.com

boassoelettrodomestici.com

carrosfiados.com

abclity.com

wavesall.net

raceto5000today.com

overgrim.com

vsjourneys.com

selftslkplus.com

bashiryaghi.com

Targets

- Target
  
  EXPORTER_INFORMATION_340_29464003.exe
- Size
  
  684KB
- MD5
  
  31627e0d4263b5339a38bc7f46464543
- SHA1
  
  586fc929e8fe1de7f2593ba67c1e65404948278a
- SHA256
  
  1ab52bac5850518b5e948ea170b9d5b9f7e2aca962e4ed99d171085cdf970e19
- SHA512
  
  6b42318e1d82d9fcb2d9560e1ff50899e67fcf731be93c820fd113c1fc85bd836fe085d61489ad1846d0369bd1dd7e39c3ae484758cae80b92f345ca03869990
Score

10^/10

modiloader xloader qcrn loader persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

Xloader Payload

Adds policy Run key to start application

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2