modiloader | da31c02c004f7e04408dea6429c362b4870c87a99fb2ae8ace1dac200a7fce5d | Triage

Submit
Reports

Overview

overview

Static

static

Doc0011887...98.scr

windows7_x64

Doc0011887...98.scr

windows10_x64

Sharing

General

Target

Doc00118871655141998.scr
Size

950KB
Sample

201226-zhr2l3hjj6
MD5

60c579a32e2cc16c804692018a64fa84
SHA1

1ffe13bd73cf63b6ee0b6401cefd905a24cbb8a3
SHA256

da31c02c004f7e04408dea6429c362b4870c87a99fb2ae8ace1dac200a7fce5d
SHA512

48722d955395afd6c89e81b371b9c0db9e3d362dbe31fbe8a7e7d2cf741790e8d5a19cf990afc83d01297be2d4d96451b9c06625118ed767ae18d9b30db0a181

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Doc00118871655141998.scr

Resource

win7v20201028

modiloader warzonerat infostealer persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Doc00118871655141998.scr

Resource

win10v20201028

modiloader warzonerat infostealer persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Doc00118871655141998.scr
- Size
  
  950KB
- MD5
  
  60c579a32e2cc16c804692018a64fa84
- SHA1
  
  1ffe13bd73cf63b6ee0b6401cefd905a24cbb8a3
- SHA256
  
  da31c02c004f7e04408dea6429c362b4870c87a99fb2ae8ace1dac200a7fce5d
- SHA512
  
  48722d955395afd6c89e81b371b9c0db9e3d362dbe31fbe8a7e7d2cf741790e8d5a19cf990afc83d01297be2d4d96451b9c06625118ed767ae18d9b30db0a181
Score

10^/10

modiloader warzonerat infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader First Stage
- Warzone RAT Payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderwarzoneratinfostealerpersistencerattrojan

behavioral2

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy