Overview

overview

10

Static

static

Yeni sipar...si.exe

windows7-x64

10

Yeni sipar...si.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Yeni siparis listesi.exe

  • Size

    1013KB

  • Sample

    221005-meszeaeae3

  • MD5

    add891fdc3f5ac2ff276e6529df08954

  • SHA1

    29485243206d1825c28109fac8f492cf2ab3b30d

  • SHA256

    b3cd5ca1cfe3eeaff6e38ee71593415d63c5f2117c3a1c3a4bbbbde98e46171e

  • SHA512

    334b987cdbcf796f278d585ef98cf209a89fe903d9a4f4dc374210861bc5410cf5b013048090f8c46102ad60809f7b805b291860ec09f52227ff6e5cc18ae0f7

  • SSDEEP

    12288:qkQHUxA6s8jEg3sQHniC4uSJdWoQE4/2EK73WLr9RZCqsP031kX3r5wuvYe+msn1:PjO8jEg3DHnyuSjxU3XjZpwzGz

Score
10/10
modiloaderxloaderuj3cloaderpersistencerattrojan

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Targets

    • Target

      Yeni siparis listesi.exe

    • Size

      1013KB

    • MD5

      add891fdc3f5ac2ff276e6529df08954

    • SHA1

      29485243206d1825c28109fac8f492cf2ab3b30d

    • SHA256

      b3cd5ca1cfe3eeaff6e38ee71593415d63c5f2117c3a1c3a4bbbbde98e46171e

    • SHA512

      334b987cdbcf796f278d585ef98cf209a89fe903d9a4f4dc374210861bc5410cf5b013048090f8c46102ad60809f7b805b291860ec09f52227ff6e5cc18ae0f7

    • SSDEEP

      12288:qkQHUxA6s8jEg3sQHniC4uSJdWoQE4/2EK73WLr9RZCqsP031kX3r5wuvYe+msn1:PjO8jEg3DHnyuSjxU3XjZpwzGz

    Score
    10/10
    modiloadertrojanxloaderuj3cloaderpersistencerat

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • ModiLoader Second Stage

    • Xloader payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks