modiloader | c7f2a0affba4248f4b27486f35c2c91fc27c210bc3d200ddac825b7ad5341d30

General

Target

Yeni siparis eklendi.exe
Size

769KB
Sample

230414-gvavwage65
MD5

57fda92eba26470e5269afd0137f197c
SHA1

fba7aa814defbfb093407da33f1e3d6357301465
SHA256

c7f2a0affba4248f4b27486f35c2c91fc27c210bc3d200ddac825b7ad5341d30
SHA512

194d685f0479d456e1849dc2de44e4d56cee32affa4c99acfcfd6626c53a56e4bca3c8963d3317a639579f4c8692df401f8a5d748846f5f6d837034720c8d6c4
SSDEEP

12288:cjtATpxC7cYFqGwib8yzaeCvFJIqtIz2XtkJ/PufCUWUo2:cjt2pHYkUraDvFTIa9kJ/Pu/ro

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.6

Campaign

uj3c

Decoy

copimetro.com

choonchain.com

luxxwireless.com

fashionweekofcincinnati.com

campingshare.net

suncochina.com

kidsfundoor.com

testingnyc.co

lovesoe.com

vehiclesbeenrecord.com

socialpearmarketing.com

maxproductdji.com

getallarticle.online

forummind.com

arenamarenostrum.com

trisuaka.xyz

designgamagazine.com

chateaulehotel.com

huangse5.com

esginvestment.tech

Targets

- Target
  
  Yeni siparis eklendi.exe
- Size
  
  769KB
- MD5
  
  57fda92eba26470e5269afd0137f197c
- SHA1
  
  fba7aa814defbfb093407da33f1e3d6357301465
- SHA256
  
  c7f2a0affba4248f4b27486f35c2c91fc27c210bc3d200ddac825b7ad5341d30
- SHA512
  
  194d685f0479d456e1849dc2de44e4d56cee32affa4c99acfcfd6626c53a56e4bca3c8963d3317a639579f4c8692df401f8a5d748846f5f6d837034720c8d6c4
- SSDEEP
  
  12288:cjtATpxC7cYFqGwib8yzaeCvFJIqtIz2XtkJ/PufCUWUo2:cjt2pHYkUraDvFTIa9kJ/Pu/ro
Score

10^/10

modiloader trojan xloader uj3c loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2