modiloader | 97c54d93ac31bbe3462242b5714804042342e581416c67b77dfd7494f77367b2 | Triage

Submit
Reports

Overview

overview

Static

static

Delivery Report.exe

windows7-x64

Delivery Report.exe

windows10-2004-x64

Sharing

General

Target

Delivery Report.exe
Size

854KB
Sample

221118-s28w2adf3v
MD5

8eca9c1d1031a98dc5f7900c31707473
SHA1

a7a03da58b79d7d39a3705e1bba5e4a4aeb850ec
SHA256

97c54d93ac31bbe3462242b5714804042342e581416c67b77dfd7494f77367b2
SHA512

f2064609d8d957d063ce06bf7fef308ea00a8cfc3e02d7250e8b23fa39ddcf3d627963367826306b3db544b7926f7528aa6f82d5ae8747d1798a14a8250ad2b7
SSDEEP

12288:zZ927jdTn4YRkAvIHenu/JdgQbug0lUxa66kXUqTfTB2O4rwSMpxA6Fs2Cz1dqX:zZU7VxRkwPusKAbpq7oOqLMfF8q

Score

10^/10

modiloader warzonerat infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Delivery Report.exe

Resource

win7-20221111-en

modiloader trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Delivery Report.exe

Resource

win10v2004-20221111-en

modiloader warzonerat infostealer persistence rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://onedrive.live.com/download?cid=EDCA24AC9B2BDA50&resid=EDCA24AC9B2BDA50%21121&authkey=AOCroWgFIgHS9Kc

Targets

- Target
  
  Delivery Report.exe
- Size
  
  854KB
- MD5
  
  8eca9c1d1031a98dc5f7900c31707473
- SHA1
  
  a7a03da58b79d7d39a3705e1bba5e4a4aeb850ec
- SHA256
  
  97c54d93ac31bbe3462242b5714804042342e581416c67b77dfd7494f77367b2
- SHA512
  
  f2064609d8d957d063ce06bf7fef308ea00a8cfc3e02d7250e8b23fa39ddcf3d627963367826306b3db544b7926f7528aa6f82d5ae8747d1798a14a8250ad2b7
- SSDEEP
  
  12288:zZ927jdTn4YRkAvIHenu/JdgQbug0lUxa66kXUqTfTB2O4rwSMpxA6Fs2Cz1dqX:zZU7VxRkwPusKAbpq7oOqLMfF8q
Score

10^/10

modiloader trojan warzonerat infostealer persistence rat
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- ModiLoader Second Stage
- Warzone RAT payload
  rat
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

modiloadertrojan

behavioral2

modiloaderwarzoneratinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy