modiloader | 2d199eabc6eb73021e9a2778f038ae12e79f9d247daeb03fed293baeeede26a5

General

Target

387263527630093.zip
Size

655KB
Sample

230405-wzwepsag4z
MD5

c38a88231a374b296d0b19fc39ac9223
SHA1

86c1b67b8bd56c3854f87001aaa40b130b87be77
SHA256

2d199eabc6eb73021e9a2778f038ae12e79f9d247daeb03fed293baeeede26a5
SHA512

00fbfd92ea85ed9037bd81c6a28d177f35d55d1139daf28da84c51ad0587b86ea2826be0dfdc340e8a66d216221aacef2cf5e45e0e844941f36628f129c0e07d
SSDEEP

12288:f2MAR54NtnW46nT/fHGBd8HqFDG9O5rOaR8kbgzHmABkP79mTijs9D/l3YZrYCqw:f2Mu4NtnWtnHMjbNLR8kNUqqiKR3GrYQ

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  387263527630093.exe
- Size
  
  1.0MB
- MD5
  
  0b92c0d90964c501b37a944c5ccc01e3
- SHA1
  
  36bbbc5bcb3ee4aaf7c7cd6034733a6b5504e38e
- SHA256
  
  74b472ebfa120b3c19287ed837c243b65de17bd647eea036d338b17f5e2ec548
- SHA512
  
  d01192e005143bc39eb8e020fee37fb6b831ac7c5e8503d8ccea7a2ff83801c77ea4b1f5b5c3272bccde07bef3699347480ad1dfa101ae037ec0c6cae841dd70
- SSDEEP
  
  24576:v6R9yfVUXwTEfF59XADz3OjaZQQJ0nhUGfApjLM:v6mO0MF59XADzejakuGfAtM
Score

10^/10

modiloader xloader euv4 loader persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2