modiloader | dbb93c60e5e74632af64452fe9ec5acd788140d0eb3231655a47203e86ef6b55

General

Target

rápida confirmación.exe
Size

679KB
Sample

220113-2m9z8adafm
MD5

37c1cae0b31e946583291a6d244c7d7d
SHA1

74b32709f1d6e686088b21ce6663bd8923abe707
SHA256

dbb93c60e5e74632af64452fe9ec5acd788140d0eb3231655a47203e86ef6b55
SHA512

007eb3da72b34a3051f04f2e18607894e4cc850926d3410e755aefbf729cee0e4fbce7aadf22194ca25399f0cceb97d5c5370d93f948ead54f994902e750ae11

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ariv

Decoy

validationlinkedterms.xyz

essentialpraxis.com

kjbservicesmn.com

wikiofgames.com

familiapena2475.com

xn--yckc3am9f2et438ajmxc.xyz

fluxmmaoffers.com

absampee43.com

videofx.store

metropolitanprofitness.com

fc8fla8kzq.com

espotplay.com

ammarus.com

tangerineharbor.com

esvengineers.com

bullfrogoutdoors.com

beefdiets.quest

958kk.com

triptoursportsaid.com

vestontalons.com

Targets

- Target
  
  rápida confirmación.exe
- Size
  
  679KB
- MD5
  
  37c1cae0b31e946583291a6d244c7d7d
- SHA1
  
  74b32709f1d6e686088b21ce6663bd8923abe707
- SHA256
  
  dbb93c60e5e74632af64452fe9ec5acd788140d0eb3231655a47203e86ef6b55
- SHA512
  
  007eb3da72b34a3051f04f2e18607894e4cc850926d3410e755aefbf729cee0e4fbce7aadf22194ca25399f0cceb97d5c5370d93f948ead54f994902e750ae11
Score

10^/10

modiloader xloader ariv loader persistence rat suricata trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata: ET MALWARE FormBook CnC Checkin (GET)
  suricata
- ModiLoader First Stage
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

suricata: ET MALWARE FormBook CnC Checkin (GET)

ModiLoader First Stage

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2