modiloader | 0056aa9a0bc6674f55dba6efc8e785532ba7ace8f166019b82df21def29bf66a | Triage

Submit
Reports

Overview

overview

Static

static

Ymtzodupze...gv.exe

windows10-1703-x64

Sharing

General

Target

Details_File_Copy.cab.zip
Size

394KB
Sample

220721-3bzksabccm
MD5

5c875faa06f093e48bb26c71222a3568
SHA1

e65a4de3e36284c19eded45c32a743edfcc66abb
SHA256

0056aa9a0bc6674f55dba6efc8e785532ba7ace8f166019b82df21def29bf66a
SHA512

a09e67f6f5f4c393f6e565adbdff10e7b0297b4cf5b1a02fabbc695e350779ec388cbb0911fabed154405880f0f6f686dfed25dfa790cf527564737d5c3f83bf

Score

10^/10

modiloader netwire botnet persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Ymtzodupzewdafnfcfctgjmwryfuszwvgv.exe

Resource

win10-20220718-en

modiloader netwire botnet persistence rat stealer trojan

windows10-1703-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

netwire

C2

213.152.162.181:5133

184.75.221.171:5133

199.249.230.27:5133

185.103.96.143:5133

185.104.184.43:5133

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-Eee0a2
lock_executable
true
mutex
SeDCqQtm
offline_keylogger
false
password
Password
registry_autorun
false
use_mutex
true

Targets

- Target
  
  Ymtzodupzewdafnfcfctgjmwryfuszwvgv.exe
- Size
  
  734KB
- MD5
  
  db08ce3bbbb90d2099294727f9fed0ca
- SHA1
  
  e320c45ce977499f895177389066f779a297d221
- SHA256
  
  340df05912b606b10196adf2ccd3bf9f34a24066ea30f4369596e9fcace90f02
- SHA512
  
  225d9dc6cbe33124c86c3a4d208f4e8099a9f6f58a437ffce59829ca3098b87a343b6718f12185cb0d611efa89dbfd0d0e4d86bb7a7cdf4e0aa1e33b939662c5
Score

10^/10

modiloader netwire botnet persistence rat stealer trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadernetwirebotnetpersistenceratstealertrojan

© 2018-2024

Terms | Privacy