modiloader | 6e12b81d0caa6af558b3890f3240544528f8c5e3b64ba8fc1ff94e7e1da264b8

General

Target

ead941adf6c2faa306a3958518213c38_JaffaCakes118
Size

792KB
Sample

240919-jaflqsxelm
MD5

ead941adf6c2faa306a3958518213c38
SHA1

ca987dfb8c50c8a52ab8217fa18c4c1fac9df71f
SHA256

6e12b81d0caa6af558b3890f3240544528f8c5e3b64ba8fc1ff94e7e1da264b8
SHA512

0712e5b7c6b53753ef001dd378f03529cac384f266499185909fda2d38627c68e4b12a5a245a547e5d9ea47536c1f7d5c9c511aaa630291494c150929e961d6c
SSDEEP

24576:dSA6gqLF77dMY1mahfbJoda6D0rcytkOsxo6j18ZsRTEswxtmttYSztF9a06pAFQ:kA6gqLF77dMY1mahfbJoda6D0rcytkO3

Score

10^/10

Malware Config

Extracted

Family

xtremerat

C2

known.no-ip.biz

known1.no-ip.biz

Targets

- Target
  
  ead941adf6c2faa306a3958518213c38_JaffaCakes118
- Size
  
  792KB
- MD5
  
  ead941adf6c2faa306a3958518213c38
- SHA1
  
  ca987dfb8c50c8a52ab8217fa18c4c1fac9df71f
- SHA256
  
  6e12b81d0caa6af558b3890f3240544528f8c5e3b64ba8fc1ff94e7e1da264b8
- SHA512
  
  0712e5b7c6b53753ef001dd378f03529cac384f266499185909fda2d38627c68e4b12a5a245a547e5d9ea47536c1f7d5c9c511aaa630291494c150929e961d6c
- SSDEEP
  
  24576:dSA6gqLF77dMY1mahfbJoda6D0rcytkOsxo6j18ZsRTEswxtmttYSztF9a06pAFQ:kA6gqLF77dMY1mahfbJoda6D0rcytkO3
Score

10^/10

modiloader xtremerat discovery persistence rat spyware trojan upx
- Detect XtremeRAT payload
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XtremeRAT payload

ModiLoader, DBatLoader

XtremeRAT

ModiLoader Second Stage

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2