modiloader | 571f568b2f39341e58008733cdeec8b593a9c9a7d7d929b8061bd8b869890952

General

Target

swift1129202245000Euro_1.zip
Size

349KB
Sample

221130-l4jllade5z
MD5

628549f3bf5a3a0e1b25d0942feb2ac4
SHA1

d4448f2fb4b238d9f82cf40d2564ebd07fb9d9ec
SHA256

571f568b2f39341e58008733cdeec8b593a9c9a7d7d929b8061bd8b869890952
SHA512

2160365f97d2d74a240499d8c7ad968eafed23c56093fefea8b3acbe1878c931ee095fe9fcbfd60d11577e0e9a4f5701ddc22ac1866e8c8c8e06755ab571fe43
SSDEEP

6144:S+zD+/tjULISUXQ+kSMY15E3PUGvQTzqI58PTwo2eaChAz+HCtwoQ/kfePOx5kLc:FD+ljJX4SMXPUGSzqa8wDKA1twoQc2PS

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  swift1129202245000Euro.exe
- Size
  
  733KB
- MD5
  
  edb1382c354ec6c09c53473e5335703a
- SHA1
  
  a1a5fbfce034731cba1072bab6b97b26c8a90c79
- SHA256
  
  c2c6eec67a1561c3a49179ddf756480876d92588c2e83d64246a04c3d724cb3d
- SHA512
  
  7a39e02e0c6b5036763a7646a5960de36230eaef32da6b36687aa71170bd2125775888ec71ff112fb76a38d17d77b650089257043288fae82598dee5e6987ed9
- SSDEEP
  
  12288:i1qMhtVLzLypCggIh36+O9dvjpQVeri4Z2qKk/RqIkr:WFhHzmQgn6+8T/r7saqI
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2