modiloader | c84d9cb4b4e037cbaf9632d4cdd0f493d2c5e0b5f6308fe97f84f04b501155c8

General

Target

SecuriteInfo.com.Win32.InjectorX-gen.5219.3582.exe
Size

1.0MB
Sample

221206-mlkllshh45
MD5

90c725f0f378bbdd4c73b4c59f3e741d
SHA1

f3975204ca0bb283270afeaf4038111fca3933aa
SHA256

c84d9cb4b4e037cbaf9632d4cdd0f493d2c5e0b5f6308fe97f84f04b501155c8
SHA512

984e06aacb291741fc3a8de194c455155a13bb8ccb4d76dc938550fa04fc8377306f1e6ccf234d9d2e39924d71bfc9b1a8e1e1bc4b3fbc45b4a470282ca7b45b
SSDEEP

24576:JR6gr/LZizjzo/BMR92kB6NhMhtrjxLF7Z+/ronB:JX/4R8th+1lLF0MnB

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  SecuriteInfo.com.Win32.InjectorX-gen.5219.3582.exe
- Size
  
  1.0MB
- MD5
  
  90c725f0f378bbdd4c73b4c59f3e741d
- SHA1
  
  f3975204ca0bb283270afeaf4038111fca3933aa
- SHA256
  
  c84d9cb4b4e037cbaf9632d4cdd0f493d2c5e0b5f6308fe97f84f04b501155c8
- SHA512
  
  984e06aacb291741fc3a8de194c455155a13bb8ccb4d76dc938550fa04fc8377306f1e6ccf234d9d2e39924d71bfc9b1a8e1e1bc4b3fbc45b4a470282ca7b45b
- SSDEEP
  
  24576:JR6gr/LZizjzo/BMR92kB6NhMhtrjxLF7Z+/ronB:JX/4R8th+1lLF0MnB
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2