Overview

overview

10

Static

static

3.exe

windows7_x64

10

3.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3.exe

  • Size

    1.0MB

  • Sample

    220421-nzat1aebg5

  • MD5

    c834856ae8809de276c5311d6373148e

  • SHA1

    105073e51f314a118f75b7c676564a1d943e5ca5

  • SHA256

    29f353919d57103d6ea57ca27721751615ee02b379c7afae7e82776b796dd848

  • SHA512

    b804740d9ed4815483d8e14a39edb2b7755af721403239930a12421b1953e194986a04c5f3d999f6bd44a27e5865c11742eb43e59807c904e91d34ae9f82ceef

Score
10/10
modiloaderxloadergqvvloaderpersistencerattrojan

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

gqvv

Decoy

the-pumps.com

imagepixo.com

gloriamcarter.com

cedacventures.com

chengxinyuan.online

evesfashion.online

relyoncarlos.com

marinayouth.com

hbsckj.net

jdmnn.com

fedelini.online

barkleysbettermints.com

popierwszezdrowie.net

amelntl.net

oceanic-sauna.online

ksssz.com

aprilrehrig.com

nwzjr.com

manimani1225.com

gstfranchisecenter.com

Targets

    • Target

      3.exe

    • Size

      1.0MB

    • MD5

      c834856ae8809de276c5311d6373148e

    • SHA1

      105073e51f314a118f75b7c676564a1d943e5ca5

    • SHA256

      29f353919d57103d6ea57ca27721751615ee02b379c7afae7e82776b796dd848

    • SHA512

      b804740d9ed4815483d8e14a39edb2b7755af721403239930a12421b1953e194986a04c5f3d999f6bd44a27e5865c11742eb43e59807c904e91d34ae9f82ceef

    Score
    10/10
    modiloaderxloadergqvvloaderpersistencerattrojan

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • ModiLoader Second Stage

    • Xloader Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks