modiloader | 3a0b0499401f4c77a799db828f6ffe6651eb355cef6f5df9c93a2d6b3b961ac2

General

Target

fatura e vonuar e bashkangjitur.zip
Size

356KB
Sample

221205-pvlw5sec8y
MD5

35e6a265c5dcd0bf1e30507b4fdf4c44
SHA1

e95f8a993be2375f2a83293686da6d1d1386d6dc
SHA256

3a0b0499401f4c77a799db828f6ffe6651eb355cef6f5df9c93a2d6b3b961ac2
SHA512

623058075e237f014169d1d2c103a384fadb22e8a3b934990094a6f2bf63164a2444ce743f058be8397460ef2c680f24d79dfca42bf151b51c51e5d1c7a1a103
SSDEEP

6144:mHaVh4yXJntdnb89cUURQaUjnJs4crImPiayJ2FixDh7E8TP4bxGhN/6S4OEa9YZ:F4Q7Y9cUgQaUjnJs4K15yEF+1EIPfTej

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  fatura e vonuar e bashkangjitur.exe
- Size
  
  777KB
- MD5
  
  8bf3e429a207bdf60279f3076a85108f
- SHA1
  
  da48577ad55bf7c75893dea2306973ed3cad499c
- SHA256
  
  20722f90d97d84e6453888a294f2a6b8e62c15daf9da7b6e13649ffb95c2146f
- SHA512
  
  b56454134d55655d87e30309b965cfecdc2b516c5a2abf68f5a748d8c187fe1cd1581701b947f399d10f4b257bfda8208a638394a906f4bd6291c4063115b771
- SSDEEP
  
  12288:4aDW4pT3boLduwYh0H7/C+khXx7ogdmTOeIurz7MJUXbXzaHyCkonBcyrj:4ajVsLduwA0HLC+k7MgdmTRrl/ronBd
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2