modiloader | 2094d30dea8b0156041fd371f3c82d0ebbf39ed98ee34613958e6e28ddcbc424

General

Target

0234122562756152526.exe
Size

748KB
Sample

221027-npfmhacadl
MD5

6b87589f12f3ca7a3dda937761317741
SHA1

15250c59962314684b090c01b5a97f0ebeaeec6b
SHA256

2094d30dea8b0156041fd371f3c82d0ebbf39ed98ee34613958e6e28ddcbc424
SHA512

325b19b0ed38f3bc29d28ec9f7652399bfb6d0ae958ce53c8c7b8ba04c68ce368235a41a8441989cde45c5a960cd462e6ad127c83997862d02ebbf501623d1aa
SSDEEP

12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXqvxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWu5PB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  0234122562756152526.exe
- Size
  
  748KB
- MD5
  
  6b87589f12f3ca7a3dda937761317741
- SHA1
  
  15250c59962314684b090c01b5a97f0ebeaeec6b
- SHA256
  
  2094d30dea8b0156041fd371f3c82d0ebbf39ed98ee34613958e6e28ddcbc424
- SHA512
  
  325b19b0ed38f3bc29d28ec9f7652399bfb6d0ae958ce53c8c7b8ba04c68ce368235a41a8441989cde45c5a960cd462e6ad127c83997862d02ebbf501623d1aa
- SSDEEP
  
  12288:QFwXm1eLcZbP9mpAmFXZ5e0mvXTeYZITtsUXqvxwUxLfHazzJr0:QFGQeabFmKmFzhmvJWu5PB
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2