Overview

overview

10

Static

static

109ab3837f...b5.exe

windows7-x64

10

109ab3837f...b5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    109ab3837f865b4ba288ca4a1fa4e8d416c04b3686376c55128553d4a4db55b5

  • Size

    824KB

  • Sample

    221216-kezqvahb91

  • MD5

    4575f347077760e1257159f74291fad0

  • SHA1

    d65c9fa35db54403c42b2731f6c616317eb23b78

  • SHA256

    109ab3837f865b4ba288ca4a1fa4e8d416c04b3686376c55128553d4a4db55b5

  • SHA512

    d238fead3b0efa0c6140f587b1d9ff9a9b7298189d6153a3d53aaeaa95b440807e9871ed60706e85c5f396f272ce6ab548184a0ba64c9f8e7b04300fed96936e

  • SSDEEP

    12288:88xW3p8fe9EgNBWWJXVy20V0abqYU3K4j2X2Er5OxG2:8xCfe9EmLJlNIF3RXVr0G

Score
10/10
modiloaderxloaderuj3cloaderpersistencerattrojan

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Targets

    • Target

      109ab3837f865b4ba288ca4a1fa4e8d416c04b3686376c55128553d4a4db55b5

    • Size

      824KB

    • MD5

      4575f347077760e1257159f74291fad0

    • SHA1

      d65c9fa35db54403c42b2731f6c616317eb23b78

    • SHA256

      109ab3837f865b4ba288ca4a1fa4e8d416c04b3686376c55128553d4a4db55b5

    • SHA512

      d238fead3b0efa0c6140f587b1d9ff9a9b7298189d6153a3d53aaeaa95b440807e9871ed60706e85c5f396f272ce6ab548184a0ba64c9f8e7b04300fed96936e

    • SSDEEP

      12288:88xW3p8fe9EgNBWWJXVy20V0abqYU3K4j2X2Er5OxG2:8xCfe9EmLJlNIF3RXVr0G

    Score
    10/10
    modiloadertrojanxloaderuj3cloaderpersistencerat

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Xloader

      Xloader is a rebranded version of Formbook malware.

      loaderxloader

    • ModiLoader Second Stage

    • Xloader payload

      rat

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks