modiloader | a275054bea0eb816c6d045580e02c610eb476b33062d34c1913375475de53279

General

Target

U prilogu nova lista narudzbi.zip
Size

365KB
Sample

230120-qjdbasfg9s
MD5

c38d768287358cd4a71fe9d1f1e71f36
SHA1

eadab09668975ae7a69524a75290705904c8931b
SHA256

a275054bea0eb816c6d045580e02c610eb476b33062d34c1913375475de53279
SHA512

6f6dfef0c454ad4c4b124aebd21700f5f8168c15f27fe8dedc34a600a8c1c61585082f95afb92fea114126fa9796eabb7b970d35e15ec64c1f57e967b76e088e
SSDEEP

6144:oUgHhKhtA8E4tU0p9TB2Eu+8uymXq2d0xflKtDuIHU0CyH49Y3S4uQujgY5wACn2:vgHoP9EkVPB2EBymXhedlK0IHU0K9dLz

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  U prilogu nova lista narudzbi.exe
- Size
  
  740KB
- MD5
  
  c03c09f867ffd16bb0af27e90d77d917
- SHA1
  
  0db2adb82a5500ae122fe35986a76264715b5985
- SHA256
  
  040a34e5884c29dd12452d342e344fe0d40f8dc1ea161d93c2a6c35b0a7da08b
- SHA512
  
  9a0157b8ec6d4e45f38913dbbca8a951d24590e8831d731a39ddc7511c5833e5a77932c446641f4cff14e30801dd224904e3632c0fbdd842c24d2660e26ff9e7
- SSDEEP
  
  12288:QJwpjlZUpP4dtZp1EgkuI1EXfVFxLBoOQziyMD78phts2O16a:QopZ9tT1wuI1EtLLxiiya78phm
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2