modiloader | ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb | Triage

Submit
Reports

Overview

overview

Static

static

ab298689ac...fb.exe

windows7-x64

1

ab298689ac...fb.exe

windows10-2004-x64

Sharing

General

Target

ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb
Size

885KB
Sample

220804-py2rrsehf8
MD5

aba54c4f3a8fba3ee730a9f05f2f4997
SHA1

c67b99edc2c0b880038d6bd9f8179e9d165b1597
SHA256

ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb
SHA512

d6cf3cef20ba5879e0abab338e665914b3158c82f418dc02e80d734f07081c99ccec68c6b93db569014ee5438e8ce01d26cf59b151a780dee33bae7c02958868

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb.exe

Resource

win7-20220715-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb.exe

Resource

win10v2004-20220721-en

modiloader warzonerat infostealer persistence rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

style.etanetsys.com:42020

Targets

- Target
  
  ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb
- Size
  
  885KB
- MD5
  
  aba54c4f3a8fba3ee730a9f05f2f4997
- SHA1
  
  c67b99edc2c0b880038d6bd9f8179e9d165b1597
- SHA256
  
  ab298689aca1c3f608dbc57b1b676867dcf9eb22ade75fe48b1819ed89130dfb
- SHA512
  
  d6cf3cef20ba5879e0abab338e665914b3158c82f418dc02e80d734f07081c99ccec68c6b93db569014ee5438e8ce01d26cf59b151a780dee33bae7c02958868
Score

10^/10

modiloader warzonerat infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Warzone RAT payload
  rat
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy