General
Target: vbc.exe
Size: 1.0MB
Sample: 220706-qaxnksfac2
MD5: a3ed8e1e651ebc9c03d3ef4cb777a57b
SHA1: f6fec326cc48f6a0f775d38c953e897e3088c88b
SHA256: dcd417c960f009841f2451986e5ec39bbb5e41aeca08a683d2d9228b302c32a6
SHA512: 6d0fbb538513aa6c693a013842b8065cf1bb26cf6c54549b70a2d3b87f1fa6496e3d580653c016db68c68c9b75d25df8898fb8d32ebff6e642f505090cc34333
Static task: static1
Behavioral task: behavioral1
Sample: vbc.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: vbc.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target
vbc.exe
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
ModiLoader Second Stage
-
Warzone RAT Payload
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Modifies WinLogon
-