modiloader | ceba84ad5d66f56b623ba771fbf63ff8aabb933047f8787a082df73c9d2240bb

General

Target

siparis listesi.exe
Size

996KB
Sample

220804-hsshkscae7
MD5

e48bd3649f60b17d7f56fd3ed1a78353
SHA1

f372728a365d58faf35be42e0b3d4c92b6bcbe2d
SHA256

ceba84ad5d66f56b623ba771fbf63ff8aabb933047f8787a082df73c9d2240bb
SHA512

8e70923922950667920c2e6144885883f49565c769ec79f074dcaad51e33e75b30438cc5912cc5e8cb701cffe44d5450b89bbfc574d3fe4a1123a844ee3508ec

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Targets

- Target
  
  siparis listesi.exe
- Size
  
  996KB
- MD5
  
  e48bd3649f60b17d7f56fd3ed1a78353
- SHA1
  
  f372728a365d58faf35be42e0b3d4c92b6bcbe2d
- SHA256
  
  ceba84ad5d66f56b623ba771fbf63ff8aabb933047f8787a082df73c9d2240bb
- SHA512
  
  8e70923922950667920c2e6144885883f49565c769ec79f074dcaad51e33e75b30438cc5912cc5e8cb701cffe44d5450b89bbfc574d3fe4a1123a844ee3508ec
Score

10^/10

modiloader xloader uj3c loader rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Blocklisted process makes network request

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2