modiloader | 2b20d4fe1f4b543fb96b4c713e2cf0d549ba923eaed35195752590daebaae8e9 | Triage

Submit
Reports

Overview

overview

Static

static

win10-standard

windows10-2004-x64

Sharing

General

Target

364e40063a733c84ebc32bef5ef670e82759effe
Size

1.1MB
Sample

221007-cqh88sbegk
MD5

ef086ba45f0a256f399b34ec7fb95de0
SHA1

364e40063a733c84ebc32bef5ef670e82759effe
SHA256

2b20d4fe1f4b543fb96b4c713e2cf0d549ba923eaed35195752590daebaae8e9
SHA512

3b80a8646584dbf346833c9a4267645016e8e5de9eb0247e98e74629697e12830dc86165ea16f1373085ef747eac2a40dd0712948f1b6fd9a66f48f4b170e0bd
SSDEEP

24576:mkS1iKn5q5M4y7BAgAiIekzFgYglCO2XeLoPx:mkNl5aivAlCfOLoJ

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

364e40063a733c84ebc32bef5ef670e82759effe.exe

Resource

win10v2004-20220812-en

modiloader warzonerat infostealer persistence rat trojan

windows10-2004-x64

8 signatures

200 seconds

Malware Config

Extracted

Family

warzonerat

C2

pentester01.duckdns.org:44902

Targets

- Target
  
  364e40063a733c84ebc32bef5ef670e82759effe
- Size
  
  1.1MB
- MD5
  
  ef086ba45f0a256f399b34ec7fb95de0
- SHA1
  
  364e40063a733c84ebc32bef5ef670e82759effe
- SHA256
  
  2b20d4fe1f4b543fb96b4c713e2cf0d549ba923eaed35195752590daebaae8e9
- SHA512
  
  3b80a8646584dbf346833c9a4267645016e8e5de9eb0247e98e74629697e12830dc86165ea16f1373085ef747eac2a40dd0712948f1b6fd9a66f48f4b170e0bd
- SSDEEP
  
  24576:mkS1iKn5q5M4y7BAgAiIekzFgYglCO2XeLoPx:mkNl5aivAlCfOLoJ
Score

10^/10

modiloader warzonerat infostealer persistence rat trojan
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy