Extracted

• • Target

    Etahlplefwxouf.exe

  • Size

    734KB

  • MD5

    3ae8a915191e154e1d390f011d1403b0

  • SHA1

    e36e2d035f0f4cfae0b43cde8bc276d9ea9ccb13

  • SHA256

    e57273b7f448b8713bd164d86bfd24a01570a4f5902e09fd07d6df7088458cd1

  • SHA512

    9bec68396187f51474809eb1c2a3fa1e9a21b3f8cadb33d6ad726b04afb41d6a3e6459832ec0ca13588265c748681dc1d9847883e1953b4f5f4157636cda882a

  • SSDEEP

    12288:ARGCFg0BOWvJ4sFJzZDM94u2itVSX3x7FRS8H8VML2kjO9:AMiBOWvpPlLHitVSn52rmKk

  Score

  10^/10

  modiloadertrojanwarzoneratinfostealerpersistencerat

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • ModiLoader Second Stage

  • Warzone RAT payload

    rat

  • Blocklisted process makes network request

  • Adds Run key to start application

    persistence
  behavioral1behavioral2