modiloader | 2c7e36d7f10ff9b97bd4bf6c8a5a63f620b2aad8683984a54e12f97b73302a18 | Triage

Submit
Reports

Overview

overview

Static

static

Jqqzrja.exe

windows7_x64

Jqqzrja.exe

windows10_x64

Sharing

General

Target

Jqqzrja.exe
Size

944KB
Sample

220422-teqmlsdfb7
MD5

08a179cfc5c59fe478a80f65b2a0f5b2
SHA1

d6648e3830f971162143d8e1d4a6054175559174
SHA256

2c7e36d7f10ff9b97bd4bf6c8a5a63f620b2aad8683984a54e12f97b73302a18
SHA512

b6b1d7b7b286174e5fdcdea3380174604326c849f6b1bf41ad0b2f440ca92a6705bfca7acaaf4ca0fdedf78f063076cd78c715e17d55e8198c6bb59836df71b4

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Jqqzrja.exe

Resource

win7-20220414-en

modiloader warzonerat infostealer persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Jqqzrja.exe

Resource

win10-20220414-en

modiloader warzonerat infostealer persistence rat trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

pentester01.duckdns.org:54788

Targets

- Target
  
  Jqqzrja.exe
- Size
  
  944KB
- MD5
  
  08a179cfc5c59fe478a80f65b2a0f5b2
- SHA1
  
  d6648e3830f971162143d8e1d4a6054175559174
- SHA256
  
  2c7e36d7f10ff9b97bd4bf6c8a5a63f620b2aad8683984a54e12f97b73302a18
- SHA512
  
  b6b1d7b7b286174e5fdcdea3380174604326c849f6b1bf41ad0b2f440ca92a6705bfca7acaaf4ca0fdedf78f063076cd78c715e17d55e8198c6bb59836df71b4
Score

10^/10

modiloader warzonerat infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderwarzoneratinfostealerpersistencerattrojan

behavioral2

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy