ioc[.]one - OSINT Cyber Threat Intelligence Database

ModernLoader delivers multiple stealers, cryptominers and RATs

Tags

cmtmf-attack-pattern:	Masquerading Process Injection
country:	Bulgaria Hungary Indonesia Poland Russia
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Cmstp - T1218.003 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Mshta - T1218.005 Multi-Factor Authentication - T1556.006 Native Api - T1575 Powershell - T1059.001 Process Injection - T1631 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Visual Basic - T1059.005 Tool - T1588.002 Cmstp - T1191 Connection Proxy - T1090 Execution Through Api - T1106 Masquerading - T1036 Mshta - T1170 Powershell - T1086 Process Injection - T1055 Rootkit - T1014 Scheduled Task - T1053 Scripting - T1064 Masquerading Rootkit Scripting

Show in Graph

Common Information

Type	Value
UUID	d376e086-cfb6-4484-b3ad-c856daf6ff9d
Fingerprint	ae290f5205b7a5cc
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 30, 2022, 8 a.m.
Added to db	Sept. 11, 2022, 12:47 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Vulnerability Information
Title	ModernLoader delivers multiple stealers, cryptominers and RATs
Detected Hints/Tags/Attributes	120/4/119

Source URLs

	Redirection	Url
Details	Source	http://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html
Details	Source	https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html

URL Provider

Details	Provider	Source level domain
Details	talosintelligence.com	blog.talosintelligence.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	514	✔	—	https://blog.talosintelligence.com/feeds/posts/default	2024-09-01 14:09

Attributes

Details	Type	#Events	Value
Details	Domain	1	go.clss.cl
Details	Domain	123	ipinfo.io
Details	Domain	1	ww.cc
Details	Domain	2	runpe.run
Details	Domain	31	pool.supportxmr.com
Details	Domain	1	smartscreen.ps
Details	Domain	1	xboxlive.ps
Details	Domain	295	amazon.com
Details	Domain	1	usd.gift
Details	Domain	3	goo.su
Details	Domain	1	here.cisco
Details	Domain	904	snort.org
Details	File	1	autorunnn.exe
Details	File	1260	explorer.exe
Details	File	72	regsvcs.exe
Details	File	1	killamsi.dll
Details	File	39	amsi.dll
Details	File	1	friday.dll
Details	File	1	managament.inf
Details	File	1122	svchost.exe
Details	File	69	client.exe
Details	File	2	offer.exe
Details	File	2	vs_community.exe
Details	File	2	auto.exe
Details	File	47	cmstp.exe
Details	File	1	0xnax.exe
Details	File	2	appdata.exe
Details	File	49	onedrive.exe
Details	File	7	log.exe
Details	File	1	updatershelper.exe
Details	File	1	updatershelper.bat
Details	File	3	sihost64.exe
Details	File	1	beachy.exe
Details	File	137	conhost.exe
Details	File	3	wr64.sys
Details	File	1	%localappdata%\onedrive\onedrive.exe
Details	File	15	smartscreen.exe
Details	File	20	winring0x64.sys
Details	File	1	%appdata%\nexts\mine.exe
Details	File	1	%appdata%\nexts\output.exe
Details	File	1	%localappdata%\appdata.exe
Details	File	1	%appdata%\winserv\appdata.exe
Details	File	1	%appdata%\winserv\updatershelper.exe
Details	File	1	%appdata%\install+\appdata.bat
Details	File	1	%appdata%\links\mine.exe
Details	File	1	%appdata%\link\mine.exe
Details	File	1	%appdata%\link\mines.exe
Details	File	2	%appdata%\onedrive\onedrive.exe
Details	File	1	%appdata%\drives\off.bat
Details	File	1	%appdata%\drives\updatershelper.exe
Details	File	1	%appdata%\google\libs\wr64.sys
Details	File	1	xbinder-output.exe
Details	File	1	windowsconfiguration.vbs
Details	File	1	%localappdata%\onedrive\windowsconfiguration.vbs
Details	File	1	smartscreen.ps
Details	File	1	xboxlive.ps
Details	File	1	usd.gif
Details	File	4	t.vbs
Details	File	1	artadd.php
Details	File	1	futer.php
Details	md5	1	39cb3ed9d64849789471d05f94b7b62a
Details	sha256	1	d9c8e82c42e489ac7a484cb98fed40980d63952be9a88ff9538fc23f7d4eb27f
Details	sha256	1	3f5856a9ec23f6daf20fe9e42e56da1b8dcb0de66b6628a92b554d6e17c02fc3
Details	sha256	1	27bb9ee41bc7745854e3f3687955f1a6df3bbd74a7d1050a68fe0d0e6087b4b3
Details	sha256	1	142c333bef9eab4ce9d324e177572423c845ee399c01b4b78cfff730b4cb79b4
Details	sha256	1	4621924ff1b05ad7c15bc4b5dad68f7c8c3eceaf7824444b149264eff79d4b9a
Details	sha256	1	7e73bc53cd4e540e1d492e6fd8ff630354cd8a78134e99bc0b252eccb559c97a
Details	sha256	1	eb37c756c60a75068bfe88addd24e209080fe5383d25c919ea40fe78fff98612
Details	sha256	1	3f2f84147c55e5fc42261ace15ad55239d0bcba31a9acd20b99c999efbb9d392
Details	sha256	1	852857c66ee72f264c26d69c1f4092e99c2ed1fdcfef875f982fb75ed620ccc0
Details	sha256	1	435aa8b19125d795ada322aa8e30f3dd9afa03a4ac1350177c920426d1b17a47
Details	sha256	1	b71c43bf7af23ed6a12bdb7ce96a4755b8a7f285b8aa802484e8b2dfa191f14e
Details	sha256	1	53b09a7c8bf41ed9015b8e3a98fb8b8581e82d17c1ead0bd0293f2e3e9996519
Details	sha256	1	dc5255a5bcc89266ea0c7ca79f7a52ab281cbb6cc1980ee5b3a818114c01b93c
Details	sha256	1	21e72be7f818e2afd4d53ee8f16c7e4a4718a95dd75b90d83fa26181e426f578
Details	sha256	1	1c58274fbbeaf7178a478aea5e27b52d5ead7c66e24371a4089568fa6908818c
Details	sha256	1	96cd98d42b896f6c92fd97b435d727497102ca91ce6e95252251a28e0c3fb9f8
Details	sha256	1	3232126860f3729dda59f9db6476773997b4bcfb08e2e4b32b5214c30507d775
Details	sha256	1	dd24e5596c318b30c05cffc7467f5649564ab93874c9201bf758a1a2ce05228c
Details	sha256	2	40d68523748f6eaf765970a40458faccbe84ef5dff7acbdaf29ac5a69d7cae6f
Details	sha256	1	c103c7686739669f3cfc123de34bdadb803c4ec8727cf12cd7cdc56be4bf60e1
Details	sha256	1	1ddbf6cb9e4c92e93118d8f2ca98922195cf683926777b2c160f5d05d52f3fd5
Details	sha256	1	881235fca4aeeb88950b952c0d9ce1a7d9a4eb838ce7d79447a26d2f45b1eaa5
Details	sha256	1	09db213df3dbd950a8bc75246be72f5b572b00dbd3a5bba45c7074443d0928a7
Details	sha256	1	4a6ef2379195140aa31d339329ca06bd28589fa13fd88cfcf9d76cb2d4ab99c1
Details	sha256	1	2c631588c491aa32c20f6a99201ba82982a31b1c763054562d59cd1a5a1ea14b
Details	sha256	1	838170edffbca1cadef3b7039330376c1aad914883103834c25e9bb92d9bfad1
Details	sha256	1	9b347b48026f205733abbc24c502dfff5428341e10c6944687cdbfe70770f5f3
Details	sha256	1	5750d8d557fdcb6afb2d8cb52993fb07ac84a63aab0afc44efe30ffe08d48c2f
Details	sha256	1	9704fa1a8242643f66572e7ee68e4e7d7bec9e7054319b8551fed4b3b0ccdd45
Details	sha256	1	a249c275b0ad384ae1906d2ec169f77abce9d712ab8470eb5fe7040a71948026
Details	sha256	1	f013d15d2203ec6a90be789d4b58c99ca7e42d9beedb9c4c0b05f599e2eb0ea0
Details	IPv4	1	31.41.244.231
Details	IPv4	1	62.204.41.192
Details	IPv4	1	62.204.41.71
Details	IPv4	1	31.41.244.235
Details	Url	1	http://31.41.244.231/0x?0=loader
Details	Url	1	http://go.clss.cl/0k#=googlewindowsanalyticsconfiguration
Details	Url	1	http://31.41.244.231/avava/gate.php
Details	Url	1	http://ipinfo.io/ip.
Details	Url	1	http://ipinfo.io/country.
Details	Url	1	http://31.41.244.2311/avava/waw/documents/go.oo
Details	Url	1	http://31.41.244.2311/avava/waw/appdata/go.oo
Details	Url	1	http://62.204.41.71/offer/offer.oo
Details	Url	1	http://31.41.244.231/0xnana/file/nana.go
Details	Url	1	http://31.41.244.231/0x/?0=redline
Details	Url	1	http://31.41.244.231/0xmine/regasm.go
Details	Url	1	http://31.41.244.231/0xsocks/go.go
Details	Url	1	http://31.41.244.231/0xmine/go.go
Details	Url	1	http://31.41.244.231/0xmine/temp.exe
Details	Url	1	http://31.41.244.231/0x?0=windowsanalyticsconfiguration
Details	Url	1	http://31.41.244.231/0x/loader.go
Details	Url	1	http://31.41.244.231/avava/waw/appdata/go.oo
Details	Url	1	http://31.41.244.231/avava/waw/documents/go.oo
Details	Url	1	http://62.204.41.71/spm/spam.o
Details	Url	1	https://goo.su/daqhw
Details	Windows Registry Key	1	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell
Details	Windows Registry Key	38	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	1	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WindowsConfiguration