modiloader | 6884a05e0ae89b5a9de6b90a131faa230d074a83ae34a3bd55929e95dcc29bbf | Triage

Sharing

General

Target

sample3.zip
Size

338KB
Sample

210504-nwrxsehtkn
MD5

bc0e0de1e1a85c5b34294d12f8330919
SHA1

dd325828ca66758d09dc36c5843d4dc279cbd6f5
SHA256

6884a05e0ae89b5a9de6b90a131faa230d074a83ae34a3bd55929e95dcc29bbf
SHA512

36e3650fa9d9e7c9898fb7b05423327cf55235feab2ee1d0a6592ffdedb5a7e8567f9eb9fbfcb597b23209f63122b6b74c8b67a0f8f63936bb85a5d84d7eb530

Score

10^/10

modiloader netwire botnet persistence stealer trojan

Malware Config

Targets

- Target
  
  f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14.bin
- Size
  
  753KB
- MD5
  
  abb973cc735baa96deac84f5653fd89a
- SHA1
  
  59c52bab6062e461866be8b918a376e4362571e1
- SHA256
  
  f3ad47ca842225f405e277f5f2b0521266fe65a90bf746ac39a67990835ddf14
- SHA512
  
  b44074cc3a0b114e3580c2222c29782d42c814ab365731a97c3f76bbc62206a6cd59a12f86d16aeeb8004c84d5ad871bf2b058d291dfb66cf2fd138e0159b59b
Score

10^/10

modiloader persistence trojan netwire botnet stealer
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderpersistencetrojan

behavioral2

netwirebotnetpersistencestealer