modiloader | c788a15c98cfa74cb9af145523baf59e36546f928e6054dc3e91c171f1b8e5bb | Triage

Submit
Reports

Overview

overview

Static

static

PaymentsSlip.exe

windows7-x64

1

PaymentsSlip.exe

windows10-2004-x64

Resubmissions

25-07-2022 07:47

220725-jmkffsbcfr 10

25-07-2022 07:22

220725-h7rjtsbag4 10

Sharing

General

Target

7778926123.zip
Size

374KB
Sample

220725-h7rjtsbag4
MD5

32c23fe70ffc00a2369cd68110ca282c
SHA1

6c935d6de1abf0c68396fe869b89847894c611fe
SHA256

c788a15c98cfa74cb9af145523baf59e36546f928e6054dc3e91c171f1b8e5bb
SHA512

02006f229761b9fc33e8b2654a4f5667991a1125d97f1b25bcf333319ac6a57cece28fc518c07293d5d0c02da808d14da66b96acd60b9ae847d593fdce99384d

Score

10^/10

modiloader warzonerat collection infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

PaymentsSlip.exe

Resource

win7-20220718-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

PaymentsSlip.exe

Resource

win10v2004-20220721-en

modiloader warzonerat collection infostealer persistence rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

194.5.97.6:7007

Targets

- Target
  
  PaymentsSlip.exe
- Size
  
  899KB
- MD5
  
  49f570ee00750e7371ea4dfd4a274216
- SHA1
  
  9ec78b1a99c27c22be8ab837997cd43a7c0561bf
- SHA256
  
  f0949175ee4c6e72f3405816aac82be2863b1c6a01734e5750883da1362aa5ed
- SHA512
  
  d3d9b59627b951c55a15feb83b25b44ff2a06ba4da06e678febe20aa53f0847dcc8c2fa90cf6812642b323e82d840207002c6322cb720725513ea7f02146b29e
Score

10^/10

modiloader warzonerat collection infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Warzone RAT payload
  rat
- Sets DLL path for service in the registry
  persistence
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderwarzoneratcollectioninfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy