modiloader | 4b382c5497bb61b9cc4189101e9595a031f37db9fa712b61cdc4a60f59bff8b4

General

Target

6.exe
Size

816KB
Sample

230117-nn1ahsfa93
MD5

c913939da5213c631b70b06fa61eae28
SHA1

28d2f9a5f12be6d61b85f5a5d6187e01f0ae284c
SHA256

4b382c5497bb61b9cc4189101e9595a031f37db9fa712b61cdc4a60f59bff8b4
SHA512

271be8d2ed70e93b16ae7a68e72b93252b6e9164f53d286014e371e801a268d650f484e1a19c1afd85abbd68c8f4718c11dc0c2c19ca64e849434d10fb476e49
SSDEEP

12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gjwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maHN5RA

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  6.exe
- Size
  
  816KB
- MD5
  
  c913939da5213c631b70b06fa61eae28
- SHA1
  
  28d2f9a5f12be6d61b85f5a5d6187e01f0ae284c
- SHA256
  
  4b382c5497bb61b9cc4189101e9595a031f37db9fa712b61cdc4a60f59bff8b4
- SHA512
  
  271be8d2ed70e93b16ae7a68e72b93252b6e9164f53d286014e371e801a268d650f484e1a19c1afd85abbd68c8f4718c11dc0c2c19ca64e849434d10fb476e49
- SSDEEP
  
  12288:hvTirPykFC+EQpA7EOiidyVMmfP8DspvZFVphCF807ldv8gjwowEl52joHDL4wk:aPVFn/A7vsV/f6MvvV+maHN5RA
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2