modiloader | 2aa5d77dc9e220153a64d43e3ef344f140c3e85a0d69663c8c38c2a8d3fb96dc

General

Target

Popis gostiju u prilogu.zip
Size

366KB
Sample

230413-m3d56acc6t
MD5

a19fcdf578496d0ee9984b1edfc63053
SHA1

02807dfc49b5c484e7486315765ac9380b7c87e7
SHA256

2aa5d77dc9e220153a64d43e3ef344f140c3e85a0d69663c8c38c2a8d3fb96dc
SHA512

73aaed9446761e6ee96c8b26acf7385da6be957776096eb54f40c5b16bc93014a738b7559f7cda80c9c2a03a78e41bbe87dd6c03b2a140ce905ee05402fb7e11
SSDEEP

6144:hpiR/rKO4+UBiFMy80XNSNKb6suZlIaPOrB6F8rf40ujRqSDizn6:hO+KUB+v8wjG1saPmBg0ujRqSWu

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  Popis gostiju u prilogu.exe
- Size
  
  769KB
- MD5
  
  7ebb88878607b2198fa599a8b69fa83b
- SHA1
  
  9008a6a4439a8e64c371e15a1ed3210f6e6a7d40
- SHA256
  
  b2d9890dbbc344c79e99127f7aebf3f459349081c2033e5288128bd2cb37a8b4
- SHA512
  
  57563c6c949f92a22d3cacae01c06a7ba198afe4b067e41010151259b9e1a234f1dd5cddd2bc506242e630efe34564b674b6ecbc9a8a777479a3884f7014e857
- SSDEEP
  
  12288:cjtATpxC7cYFqGwib8yzaeCvFJIqtIz2XjkJ/PufCUWUo2:cjt2pHYkUraDvFTIazkJ/Pu/ro
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2