modiloader | 74f9f40a7808dde465c27d303835332b0d12509403d32d4a1f45ac5aaf790ff5

General

Target

626e958b355520e458a5a04ef1b3eade.exe
Size

779KB
Sample

220125-llv7nsdcg8
MD5

626e958b355520e458a5a04ef1b3eade
SHA1

4feb6d823b5370e509907b4cdfd8d0922d96ac11
SHA256

74f9f40a7808dde465c27d303835332b0d12509403d32d4a1f45ac5aaf790ff5
SHA512

ddda9307f420b77390cb5a3bfea9c96cdb5bb0c2daae439805770825de566a63b9141e7aa4f83a0309202b8db34784a2efd305ff730cf081c1e70dd2f0339349

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ariv

Decoy

validationlinkedterms.xyz

essentialpraxis.com

kjbservicesmn.com

wikiofgames.com

familiapena2475.com

xn--yckc3am9f2et438ajmxc.xyz

fluxmmaoffers.com

absampee43.com

videofx.store

metropolitanprofitness.com

fc8fla8kzq.com

espotplay.com

ammarus.com

tangerineharbor.com

esvengineers.com

bullfrogoutdoors.com

beefdiets.quest

958kk.com

triptoursportsaid.com

vestontalons.com

Targets

- Target
  
  626e958b355520e458a5a04ef1b3eade.exe
- Size
  
  779KB
- MD5
  
  626e958b355520e458a5a04ef1b3eade
- SHA1
  
  4feb6d823b5370e509907b4cdfd8d0922d96ac11
- SHA256
  
  74f9f40a7808dde465c27d303835332b0d12509403d32d4a1f45ac5aaf790ff5
- SHA512
  
  ddda9307f420b77390cb5a3bfea9c96cdb5bb0c2daae439805770825de566a63b9141e7aa4f83a0309202b8db34784a2efd305ff730cf081c1e70dd2f0339349
Score

10^/10

modiloader xloader ariv loader persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader First Stage
- ModiLoader Second Stage
- Xloader Payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader First Stage

ModiLoader Second Stage

Xloader Payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2