modiloader | e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98

General

Target

e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98
Size

771KB
Sample

230227-m7xhasdd26
MD5

33669c543650acb45e9938e08dd7729f
SHA1

b631d13143deb4be68b52a6b01b3aebccbfa19af
SHA256

e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98
SHA512

788201bb639b24c726bc3e29fa25ebfa9ae5c5c2a1fd4509d187c413bdc415ff9c9a3c5e0fe60df9d5924b3af8004f665c09461967cbd109f084fda84b65b38d
SSDEEP

12288:Pr5Nxzs78p/cJCzQkgtr80XGjObPkOOFIiteSmF0Z/:PFvzs7bJWbgtopibPkOORm0

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98
- Size
  
  771KB
- MD5
  
  33669c543650acb45e9938e08dd7729f
- SHA1
  
  b631d13143deb4be68b52a6b01b3aebccbfa19af
- SHA256
  
  e4a8a88bffaf744487df4bfd56f975542f59efb4aabe037f2ce5baea61875f98
- SHA512
  
  788201bb639b24c726bc3e29fa25ebfa9ae5c5c2a1fd4509d187c413bdc415ff9c9a3c5e0fe60df9d5924b3af8004f665c09461967cbd109f084fda84b65b38d
- SSDEEP
  
  12288:Pr5Nxzs78p/cJCzQkgtr80XGjObPkOOFIiteSmF0Z/:PFvzs7bJWbgtopibPkOORm0
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2