modiloader | b63521159d8e3b6748f45763d1bcabd6a030d07b9f6f0ae5147ea2451bd87fff

General

Target

Novi poredak.zip
Size

364KB
Sample

221002-lw7cpaaah8
MD5

843723c472a261688f22f1fd2402fe43
SHA1

7f62e8bf917b4e91b7b08b4d773f06ce42fe83a3
SHA256

b63521159d8e3b6748f45763d1bcabd6a030d07b9f6f0ae5147ea2451bd87fff
SHA512

e13a0bd1c0bb36ccdbcb36c589cb3e1095bdaad29db7fa411c625a8a71222b7ac197c7202ab597ca63405803963e8f21dd492adff867235274c14c8a27ebae5a
SSDEEP

6144:0Ih7FYOuq+3GqfD7afXENAm+A29qp8N21knRQlvr2vVqLKeLAdoOebAmZ9r11Hg5:zheO7iX1wA5pU210kCv42YAuOOZHc

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  Novi poredak.exe
- Size
  
  742KB
- MD5
  
  c71ad16cf41fe33191e7aed3ff094cb5
- SHA1
  
  2530410a028d56fe76cd4883ad6143c65110dfa3
- SHA256
  
  c65eb86aa24a5f4ded6ad0fadfb7bb2eb6e6543a4a146f1dd05ae88bb7354375
- SHA512
  
  c25844433fe78448977f689fd4afd070316c9e1c3544dd24a444d3efb193e183a063b834f3c045f27fe919c24b1d919dc6fc19229a1a2fa49a89949308f568ec
- SSDEEP
  
  12288:X1vdLGEt9CUvF8rhmJ9pKOBEffIll6A4qFEPnjDZ46pbZe:lFBt9CUd8rhmJ9rOfehF6njDlpbZe
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2