General

  • Target

    7829466132.zip

  • Size

    554KB

  • Sample

    220805-ygeqcaecan

  • MD5

    9e1e104e1c5a976023f93a8379c5bc36

  • SHA1

    70b751429caccb7111ec5b206402611cf9946a4e

  • SHA256

    167de949f4689e4be9b45e281d5a60156fe9b3080fd688f99e63382790f7c625

  • SHA512

    8d9c1787eed6e0216ec74d312b5a6ecd4d9df97910a1cf9a816e5bf0c6a8ec9b26bab0e889110aa1679f4d1c2b211cb00ad5b4916dc2c5fdcf758b3cfa6a6f23

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy


Targets

    • Target

      TR0452728292542.exe

    • Size

      996KB

    • MD5

      9c829a6c8edcaec8d8faff1cfcdf3942

    • SHA1

      c26b13ea8fd27a5d8de643e3cfeb6f3183a01e9e

    • SHA256

      e84f8b87654c7ab2f79d0e8183befd2d1dbf85d7b0fe5494c22d5a927c04bddf

    • SHA512

      6308e7f12e5740ba0b208377fa7e90737c23f9381c1579eb7f3e0c9b69031ae259832de89493584580b79080f4c5bd2be4bedc6bc667a8fc99d38cb24cf6b32c

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • ModiLoader Second Stage

    • Xloader payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks