modiloader | f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f

General

Target

f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f.bin
Size

269KB
Sample

220111-ttnfssgear
MD5

2a4b62f495027dfb6f7549ca7ed7f47b
SHA1

47f6c5aea3b9724f143125f97bf9e8b72faf1a38
SHA256

f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f
SHA512

cc56c0448a138eca87a7fdce1cef67932ff868ea31ead0e342d3f265f92f4b9f91023d3fc01f7123149be469ccbaa2f2fdef950f9336557956ef10b4f36e4f9f

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

n8rn

Decoy

jlvip1066.com

gconsultingfirm.com

foundergomwef.xyz

bredaslo.com

ethereumpets.com

buddymerrillmusic.com

archdeylemmergay.com

particulares-es.icu

gb2022-club.com

babypasal.com

mlikew.com

mskindi.com

securewalletvalidate.com

billstrasse24.com

ritebet388.com

nuhive.net

nekomediphile.com

jaynelsonphotog.com

writerpilotpublishing.store

taquerialoteria.com

Targets

- Target
  
  f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f.bin
- Size
  
  269KB
- MD5
  
  2a4b62f495027dfb6f7549ca7ed7f47b
- SHA1
  
  47f6c5aea3b9724f143125f97bf9e8b72faf1a38
- SHA256
  
  f8fc925d89baa140c9cb436f158ec91209789e9f8e82a0b7252f05587ce8e06f
- SHA512
  
  cc56c0448a138eca87a7fdce1cef67932ff868ea31ead0e342d3f265f92f4b9f91023d3fc01f7123149be469ccbaa2f2fdef950f9336557956ef10b4f36e4f9f
Score

10^/10

modiloader xloader n8rn loader persistence rat suricata trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- ModiLoader Second Stage
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

suricata: ET MALWARE FormBook CnC Checkin (GET)

ModiLoader Second Stage

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2