Overview

overview

10

Static

static

8ed3caed66...57.exe

windows7_x64

10

8ed3caed66...57.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ed3caed6686f91f6fe1e26b8e4ac59c155206cfb94763457ef68684b7bc3257

  • Size

    995KB

  • Sample

    220329-znjhjsfcbp

  • MD5

    eec3542841710e101127865b8b4c1882

  • SHA1

    376206965eb4aa8acf11afe5b0389be1b0dd1a73

  • SHA256

    8ed3caed6686f91f6fe1e26b8e4ac59c155206cfb94763457ef68684b7bc3257

  • SHA512

    bff28d7c92d8cb787409e4745eb7fb0ba24138b371b185bd648f30e7d65b9deeb9ed64a09ca1e94807835829b997b74995015a66e2eeae28c6ede31428ca46bb

Score
10/10
modiloaderxloaderchgloaderrattrojan

Malware Config

Extracted

Family

xloader

Version

2.2

Campaign

chg

Decoy

ceipsanisidorogiralda.com

mypinglabs.com

grupodicore.com

hondabuilt.com

prets-enligne.com

treatyourdryeyesinfousa.com

newsonedition.com

puppetsforhireband.com

404universal.com

bipoctravel.com

aspiritdigital.com

saib.group

eatonvancewateroakadvisors.com

momoglobalshop.com

reimagineeducationlab.com

looleep.com

facefactorgame.com

paramount-realms.com

saintinnovations.com

hospitaldeanimales.com

Targets

    • Target

      8ed3caed6686f91f6fe1e26b8e4ac59c155206cfb94763457ef68684b7bc3257

    • Size

      995KB

    • MD5

      eec3542841710e101127865b8b4c1882

    • SHA1

      376206965eb4aa8acf11afe5b0389be1b0dd1a73

    • SHA256

      8ed3caed6686f91f6fe1e26b8e4ac59c155206cfb94763457ef68684b7bc3257

    • SHA512

      bff28d7c92d8cb787409e4745eb7fb0ba24138b371b185bd648f30e7d65b9deeb9ed64a09ca1e94807835829b997b74995015a66e2eeae28c6ede31428ca46bb

    Score
    10/10
    modiloaderxloaderchgloaderrattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • ModiLoader First Stage

    • Xloader Payload

      rat

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks