Overview

overview

10

Static

static

10

f8fc925d89...in.dll

windows7_x64

10

f8fc925d89...in.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f.bin

  • Size

    269KB

  • Sample

    220111-ttnfssgear

  • MD5

    2a4b62f495027dfb6f7549ca7ed7f47b

  • SHA1

    47f6c5aea3b9724f143125f97bf9e8b72faf1a38

  • SHA256

    f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f

  • SHA512

    cc56c0448a138eca87a7fdce1cef67932ff868ea31ead0e342d3f265f92f4b9f91023d3fc01f7123149be469ccbaa2f2fdef950f9336557956ef10b4f36e4f9f

Score
10/10
modiloaderxloadern8rnloaderpersistenceratsuricatatrojan

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8rn

Decoy

jlvip1066.com

gconsultingfirm.com

foundergomwef.xyz

bredaslo.com

ethereumpets.com

buddymerrillmusic.com

archdeylemmergay.com

particulares-es.icu

gb2022-club.com

babypasal.com

mlikew.com

mskindi.com

securewalletvalidate.com

billstrasse24.com

ritebet388.com

nuhive.net

nekomediphile.com

jaynelsonphotog.com

writerpilotpublishing.store

taquerialoteria.com

Targets

    • Target

      f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f.bin

    • Size

      269KB

    • MD5

      2a4b62f495027dfb6f7549ca7ed7f47b

    • SHA1

      47f6c5aea3b9724f143125f97bf9e8b72faf1a38

    • SHA256

      f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f

    • SHA512

      cc56c0448a138eca87a7fdce1cef67932ff868ea31ead0e342d3f265f92f4b9f91023d3fc01f7123149be469ccbaa2f2fdef950f9336557956ef10b4f36e4f9f

    Score
    10/10
    modiloaderxloadern8rnloaderpersistenceratsuricatatrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata: ET MALWARE FormBook CnC Checkin (GET)

      suricata

    • ModiLoader Second Stage

    • Xloader Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks