modiloader | de8962c07eba5fdd819df024cf7a88ccbec0084913e782182dc0392338f0243e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Certificat...al.exe

windows7-x64

Certificat...al.exe

windows10-2004-x64

Sharing

General

Target

Certificate List Approval.exe
Size

838KB
Sample

221027-jf93jabdf7
MD5

133ee804d211d56cea58c990da20e29a
SHA1

bd575d2a054bc32d620b87f7b61daee26553cf59
SHA256

de8962c07eba5fdd819df024cf7a88ccbec0084913e782182dc0392338f0243e
SHA512

df888c194de33037b34d1aa5f9aaeb2659e5c6c204370cb50aeb67bd370a3c9509b7ea00625ae76238646af7a433245e6b665a2c3a90c52fc9b77d1adcb08b2c
SSDEEP

12288:sF8g8oq/3jAHkBWcpO9ZjtGfoDCNpF+1PPITtsUX/vx9wdRU6KJpgs6U:sFFu/ykBWX9x1uNxuYwfIgh

Score

10^/10

modiloader warzonerat collection infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Certificate List Approval.exe

Resource

win7-20220812-en

modiloader trojan

windows7-x64

2 signatures

120 seconds

Behavioral task

behavioral2

Sample

Certificate List Approval.exe

Resource

win10v2004-20220901-en

modiloader warzonerat collection infostealer persistence rat trojan

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

warzonerat

C2

pentester0.accesscam.org:53655

Targets

- Target
  
  Certificate List Approval.exe
- Size
  
  838KB
- MD5
  
  133ee804d211d56cea58c990da20e29a
- SHA1
  
  bd575d2a054bc32d620b87f7b61daee26553cf59
- SHA256
  
  de8962c07eba5fdd819df024cf7a88ccbec0084913e782182dc0392338f0243e
- SHA512
  
  df888c194de33037b34d1aa5f9aaeb2659e5c6c204370cb50aeb67bd370a3c9509b7ea00625ae76238646af7a433245e6b665a2c3a90c52fc9b77d1adcb08b2c
- SSDEEP
  
  12288:sF8g8oq/3jAHkBWcpO9ZjtGfoDCNpF+1PPITtsUX/vx9wdRU6KJpgs6U:sFFu/ykBWX9x1uNxuYwfIgh
Score

10^/10

modiloader trojan warzonerat collection infostealer persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderwarzoneratcollectioninfostealerpersistencerattrojan

© 2018-2025

Terms | Privacy