modiloader | 900d0f981878ee88e45a935d586dbede6a72119be467e047bcb3112edbd0e9f3 | Triage

Submit
Reports

Overview

overview

Static

static

GIE_ENQ-04...oc.exe

windows7_x64

1

GIE_ENQ-04...oc.exe

windows10-2004_x64

Sharing

General

Target

GIE_ENQ-0407-2022_doc.exe
Size

709KB
Sample

220627-nge11aagfm
MD5

715d60bb43c2575de720d7305f1cc391
SHA1

ed1a646b28acf9226739066fa5014b937f407064
SHA256

900d0f981878ee88e45a935d586dbede6a72119be467e047bcb3112edbd0e9f3
SHA512

1da2376d5a9f9934848216c828711691d2814518dd2a0608972a04e5be15b7836f9c2396a81744211d8c3f412df2980e72933a45ceb47bdc536c57c64f8897ef

Score

10^/10

modiloader netwire botnet persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

GIE_ENQ-0407-2022_doc.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

GIE_ENQ-0407-2022_doc.exe

Resource

win10v2004-20220414-en

modiloader netwire botnet persistence rat stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

netwire

C2

makabuike.duckdns.org:3360

sbdndbnb.duckdns.org:3360

neverbackingdown.duckdns.org:3360

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
lock_executable
false
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
false

Targets

- Target
  
  GIE_ENQ-0407-2022_doc.exe
- Size
  
  709KB
- MD5
  
  715d60bb43c2575de720d7305f1cc391
- SHA1
  
  ed1a646b28acf9226739066fa5014b937f407064
- SHA256
  
  900d0f981878ee88e45a935d586dbede6a72119be467e047bcb3112edbd0e9f3
- SHA512
  
  1da2376d5a9f9934848216c828711691d2814518dd2a0608972a04e5be15b7836f9c2396a81744211d8c3f412df2980e72933a45ceb47bdc536c57c64f8897ef
Score

10^/10

modiloader netwire botnet persistence rat stealer trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- ModiLoader Second Stage
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloadernetwirebotnetpersistenceratstealertrojan

© 2018-2024

Terms | Privacy