modiloader | 6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275 | Triage

Submit
Reports

Overview

overview

Static

static

Scan New-P...er.exe

windows7_x64

Scan New-P...er.exe

windows10_x64

Sharing

General

Target

Scan New-PO _ZBT PSB 181 173 183 Quote EndUser.exe
Size

726KB
Sample

201216-yz37tj4j7a
MD5

4d6882825e1f77b1e970c029729f1ca7
SHA1

02feefaf98492d00b0a765c4a5396471e1441600
SHA256

6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275
SHA512

42cfbb89df2b3aaa14db4a3b32c19234bc454c7f24421c6eefb168efca196f829364adebf501a85c8762e9f15205c5d1d561264b701f2d88893212933dae1d8f

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Scan New-PO _ZBT PSB 181 173 183 Quote EndUser.exe

Resource

win7v20201028

modiloader warzonerat infostealer persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Scan New-PO _ZBT PSB 181 173 183 Quote EndUser.exe

Resource

win10v20201028

modiloader warzonerat infostealer persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

4sureme.ddns.net:4902

Targets

- Target
  
  Scan New-PO _ZBT PSB 181 173 183 Quote EndUser.exe
- Size
  
  726KB
- MD5
  
  4d6882825e1f77b1e970c029729f1ca7
- SHA1
  
  02feefaf98492d00b0a765c4a5396471e1441600
- SHA256
  
  6db24529273edf15b17110e6abd8c2c530f183071b34155bbab3c24634a96275
- SHA512
  
  42cfbb89df2b3aaa14db4a3b32c19234bc454c7f24421c6eefb168efca196f829364adebf501a85c8762e9f15205c5d1d561264b701f2d88893212933dae1d8f
Score

10^/10

modiloader warzonerat infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderwarzoneratinfostealerpersistencerattrojan

behavioral2

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy