modiloader | 7fc5cab9b8a5be34673d30ee1553d9c3a367e6a088e23fa99e4a6b53e0bc993d | Triage

Submit
Reports

Overview

overview

Static

static

ORDER__1.exe

windows7-x64

1

ORDER__1.exe

windows10-2004-x64

Sharing

General

Target

Order #165-3520P-WTMM10X.iso
Size

1.5MB
Sample

220831-pvqv4afhf2
MD5

510fe325e02ae0c90506b71436ceb0b8
SHA1

11d67b2c71463cd0f39a53867ddce00f9583faab
SHA256

7fc5cab9b8a5be34673d30ee1553d9c3a367e6a088e23fa99e4a6b53e0bc993d
SHA512

643c4c89613ed1bf75803ffcb86089c4fa1641d39eb55aa6d467d6012bf96638ca5dcbb20a3e2547f60efc822a53a54fbc9b527c203e2c88de89ea9e4f41b2b8
SSDEEP

12288:Y8HA79b9hfYBkePys94ClAFJXCrJ/0KbLtyB4pWRqbudaYz:5Axb3YBkeP944AFJYs0Li/8ikYz

Score

10^/10

modiloader netwire botnet persistence rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

ORDER__1.exe

Resource

win7-20220812-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER__1.exe

Resource

win10v2004-20220812-en

modiloader netwire botnet persistence rat stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ORDER__1.EXE
- Size
  
  972KB
- MD5
  
  cf24bb3088fcff26fd01872839486f83
- SHA1
  
  7d00cd9ef02adc15cd67c46067c80f88fbd90782
- SHA256
  
  4cdde4b6617f96c1052c08ec2379ac02b2d10dc0f676179b0fd0b897c4be51e0
- SHA512
  
  728b8999eda544225aacb2070a4314293c15ecaf6f56b969bfb8b1ba6c45caa00421bce4138aad48aac3fc98b353d92ddc727d8ab202f2e9a68f8971ae737813
- SSDEEP
  
  12288:z8HA79b9hfYBkePys94ClAFJXCrJ/0KbLtyB4pWRqbudaYz:+Axb3YBkeP944AFJYs0Li/8ikYz
Score

10^/10

modiloader netwire botnet persistence rat stealer trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

modiloadernetwirebotnetpersistenceratstealertrojan

© 2018-2024

Terms | Privacy