modiloader | 7f354681e9ec602aef4dcdedfc3eb05a8f1a777b3691ae4d9d58e78240d49fe8

General

Target

yeni siparis listesi.exe
Size

816KB
Sample

230116-lhl5lagg9t
MD5

6b0f23e56a98160ef61e1864227b0617
SHA1

08b5e21bce19e406d182478a67bad6462b86a887
SHA256

7f354681e9ec602aef4dcdedfc3eb05a8f1a777b3691ae4d9d58e78240d49fe8
SHA512

961da7bd43e5fdf0f411fc4634614191be3e4e928d21e4a0c16d45b3f9dc7fed79079fc7bd3aff57883a77c48874b3e28ea8e590d57c6ac83f0a6c74fc63de40
SSDEEP

12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gUwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maKN5RA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Targets

- Target
  
  yeni siparis listesi.exe
- Size
  
  816KB
- MD5
  
  6b0f23e56a98160ef61e1864227b0617
- SHA1
  
  08b5e21bce19e406d182478a67bad6462b86a887
- SHA256
  
  7f354681e9ec602aef4dcdedfc3eb05a8f1a777b3691ae4d9d58e78240d49fe8
- SHA512
  
  961da7bd43e5fdf0f411fc4634614191be3e4e928d21e4a0c16d45b3f9dc7fed79079fc7bd3aff57883a77c48874b3e28ea8e590d57c6ac83f0a6c74fc63de40
- SSDEEP
  
  12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gUwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maKN5RA
Score

10^/10

modiloader trojan xloader uj3c loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2