modiloader | 27cad802a32ea893bce26ae89b2c77825d4ece889932addbcb922ff2c3d73425

General

Target

dd5c7e917f28bbe04bb177571eadb4b6
Size

863KB
Sample

210902-rlrr5sacd8
MD5

dd5c7e917f28bbe04bb177571eadb4b6
SHA1

55160185c61347dbcaf4577f14f991d628c2ecf3
SHA256

27cad802a32ea893bce26ae89b2c77825d4ece889932addbcb922ff2c3d73425
SHA512

c6d38a321c98628b5dcbf3a4add12b4a11d21bcfc542a37d2a05525842eb0e31004f0482ad9415fb742883194f51e4a9072b6c0891c425b35befc0103fdd99aa

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

ecuu

C2

http://www.polaritelibrairie.com/ecuu/

Decoy

buoy8boats.com

tomrings.com

o-distribs.com

majesticgroupinc.com

tehridam.com

yzwjtoys.com

castro-online.run

aquarius-twins.com

jamesrrossfineart.com

pavarasupatthonkol.com

rivermarketdentistry.com

gyiblrjd.icu

redcountrypodcast.com

youngbrotherspharmacyga.com

betsysobiech.com

neocleanpro.com

ingpatrimoine.com

mustangsallytransportation.com

jsvfcxzn.com

krsfpjuoekcd.info

Targets

- Target
  
  dd5c7e917f28bbe04bb177571eadb4b6
- Size
  
  863KB
- MD5
  
  dd5c7e917f28bbe04bb177571eadb4b6
- SHA1
  
  55160185c61347dbcaf4577f14f991d628c2ecf3
- SHA256
  
  27cad802a32ea893bce26ae89b2c77825d4ece889932addbcb922ff2c3d73425
- SHA512
  
  c6d38a321c98628b5dcbf3a4add12b4a11d21bcfc542a37d2a05525842eb0e31004f0482ad9415fb742883194f51e4a9072b6c0891c425b35befc0103fdd99aa
Score

10^/10

modiloader xloader ecuu loader persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

3

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

Xloader Payload

Adds policy Run key to start application

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2