General

  • Target

    9567f48916104c53143b44bb1555d0d083b32cbde4475c2c3c55e6dec515c12d

  • Size

    370KB

  • Sample

    221201-lcw3lsea53

  • MD5

    7d504bef99b92dd7b73c0699b5a4f87b

  • SHA1

    871406d918975620f13298e73a183910241ff536

  • SHA256

    9567f48916104c53143b44bb1555d0d083b32cbde4475c2c3c55e6dec515c12d

  • SHA512

    f73270a0a97f2c58784862a45a4897b1c2ad76cf1d0f942450f58859131f863cc097f420aac33e3bc282ac8e192dc6b81874a31273ca1796c878f4cf20a9a58a

  • SSDEEP

    6144:JEYZetlt+qb/8BU4/F2k1lxgv3np7CMxeR1I//Umf6Vv0eqmU+TsVsFpx/:zetllE58Orgv3nVnD/UGo9zcs3V

Malware Config

Extracted

Family

xtremerat

C2

mkidech.dyndns-mail.com

Targets

    • Detect XtremeRAT payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks