modiloader | fef960655534cc3074d51cf9323698e9c5dc9d4bba52de6b414b1727d29d997a | Triage

Sharing

General

Target

Order confirmation proforma Invoice.zip
Size

320KB
Sample

230216-s25jlshh81
MD5

291b91cfcc56bbe65a75b689a9b15583
SHA1

a8aa3a732cc3726dcb3ec086d263fe7377cc7f54
SHA256

fef960655534cc3074d51cf9323698e9c5dc9d4bba52de6b414b1727d29d997a
SHA512

38b7998facc917ab870b464e52bc9bc832c9aa71a962736339ccdd3c0b49ad266cfe068299c0bb3525a04d0f883b175a1ea81085203350b04f41e725b4a1197e
SSDEEP

6144:4kb9L3aEQCbN7UwoBdt2rMogzAJknwRzCe47BTnRapXbURPsn9uEIkD7GATRs:sM7UwoBT2rMm2nwVP4F0hUicE7/GA6

Score

10^/10

modiloader xloader euv4 loader persistence rat trojan

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  Order confirmation proforma Invoice.exe
- Size
  
  884KB
- MD5
  
  083de0a909532eb3348578a7beb95bca
- SHA1
  
  29e83783b3fe5a4e483dec157141f066a6af7026
- SHA256
  
  fdff6b98ec2be3abdd05531d36bc50d514d449dc6f753fb6aa8d4657e5669828
- SHA512
  
  5c599d3d780886f2b259fd457c976833a6fb3b48e870fda1a58271637cfeda6cbaeae5a2fbb6308496477d6e6fffd9e6f910860b6dda8e7f44c880fd97a3a932
- SSDEEP
  
  12288:Cb8A+lyMML0gN55kXFyqf0bGBvGoE3IhAf1nAhglR:C4ZzML0gN5WXFaK9GoEHf1nAhglR
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderxloadereuv4loaderpersistencerattrojan