modiloader | 5844f59924e4a39977d0b9e24f4dc23752a5b1bd8dab639e1acea12f86c7c5fe

General

Target

Hrbrnvsucuocfr.exe
Size

707KB
Sample

230414-p1rpksbc9t
MD5

57e591a8d8b2653653aba97eb7333c90
SHA1

08d95ed0b07b01ca2292c5e7be87de3db18621d9
SHA256

5844f59924e4a39977d0b9e24f4dc23752a5b1bd8dab639e1acea12f86c7c5fe
SHA512

dfbfafa81e2570f1aa8b9e88b9f8e4d8b698b1664dfb690603a2a96cc27433e1f0ce03ad7dc061ef234b3056062661d40a7344d5c37482137a8f2e53c6c0acde
SSDEEP

12288:3lSLbFGyI6Lr4x6xsRzNgBlAU94uq43B2VrNoS9:VuL4xSsRzNgOuTx2VB9

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

euv4

Decoy

anniebapartments.com

hagenbicycles.com

herbalist101.com

southerncorrosion.net

kuechenpruefer.com

tajniezdrzi.quest

segurofunerarioar.com

boardsandbeamsdecor.com

alifdanismanlik.com

pkem.top

mddc.clinic

handejqr.com

crux-at.com

awp.email

hugsforbubbs.com

cielotherepy.com

turkcuyuz.com

teamidc.com

lankasirinspa.com

68135.online

Targets

- Target
  
  Hrbrnvsucuocfr.exe
- Size
  
  707KB
- MD5
  
  57e591a8d8b2653653aba97eb7333c90
- SHA1
  
  08d95ed0b07b01ca2292c5e7be87de3db18621d9
- SHA256
  
  5844f59924e4a39977d0b9e24f4dc23752a5b1bd8dab639e1acea12f86c7c5fe
- SHA512
  
  dfbfafa81e2570f1aa8b9e88b9f8e4d8b698b1664dfb690603a2a96cc27433e1f0ce03ad7dc061ef234b3056062661d40a7344d5c37482137a8f2e53c6c0acde
- SSDEEP
  
  12288:3lSLbFGyI6Lr4x6xsRzNgBlAU94uq43B2VrNoS9:VuL4xSsRzNgOuTx2VB9
Score

10^/10

modiloader trojan xloader euv4 loader persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- ModiLoader Second Stage
- Xloader payload
  rat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

Xloader

ModiLoader Second Stage

Xloader payload

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2