modiloader | 674a079e480e5413fb327fab241e5ed2728d231a39fe2801dc2b7e7371ed589d | Triage

Submit
Reports

Overview

overview

Static

static

invoice35345.exe

windows7_x64

invoice35345.exe

windows10_x64

Sharing

General

Target

invoice35345.rar
Size

515KB
Sample

201126-grvknz1kfx
MD5

e7b48f5efa758ace9818a3ecb9ff0cf6
SHA1

f0908352cbf7e16d0757f80dff8bf43f322528a6
SHA256

674a079e480e5413fb327fab241e5ed2728d231a39fe2801dc2b7e7371ed589d
SHA512

8455f77635db79943ca8ea6bae1201d7c91dfcbb1fdd1f255ec6057d8aea937639406274c0479ac65345f93fe2cdd6caa0ad7eaec81be8064b806a96c6c46d79

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

invoice35345.exe

Resource

win7v20201028

modiloader warzonerat infostealer persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice35345.exe

Resource

win10v20201028

modiloader warzonerat infostealer persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

oluwabless.ddns.net:4422

Targets

- Target
  
  invoice35345.exe
- Size
  
  1.2MB
- MD5
  
  c03062ae6935df7b0c0e80a652e53ee6
- SHA1
  
  e5e0be61146ca04f9ba77901c6bccb432aae46ff
- SHA256
  
  d63d68ff0b5d7bd477628a455f17cd500a73bb6563a87d8781e3528417a541ff
- SHA512
  
  f42a13c385e8768f9d1c77c2b238110c39fe18cf8dff9e5a5f041f3776e9d13fa22f36f0dad287f0cd56e081f7e8c8dcc89e365e8c4782179ae81353c3202a02
Score

10^/10

modiloader warzonerat infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderwarzoneratinfostealerpersistencerattrojan

behavioral2

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy